Deploying CONNECT to WildFly 8.2.1
Version History
Version | Date | Modified By | Description of Modification |
---|---|---|---|
1.0 | 03/02/2015 | Christopher May | Initial version |
1.1 | 03/02/2016 | Tabassum Jafri | Updated Server Configuration and Data sources |
1.2 | 12/28/2016 | Kim Nguyen | Added quick and detailed setup instructions |
1.3 | 10/26/2018 | Patrick Lobre | Update to use jdk8 and keysize |
Introduction
WildFly 8.2.1 Final can be downloaded at: http://download.jboss.org/wildfly/8.2.1.Final/wildfly-8.2.1.Final.zip
This guide includes a Quick Setup section and a Detailed Setup section. The quick setup utilizes WildFly 8.2.1 configuration files that have been pre-configured for CONNECT deployment. Following the CONNECT setup instructions will result in a fully-functioning test gateway that should not be used as a live production system.
Please refer to Adopters Implementation Guidelines to integrate CONNECT with your live web service components and to import genuine certificates issued by an authorized certificate authority before attempting transactions on a live exchange.
Prerequisites
- A running instance of MySQL - The CONNECT team uses version 5.7.22
- Either a downloaded CONNECT binary zip file or a local CONNECT build
- If Direct will be deployed with CONNECT, the Java Cryptography Extension must be installed. Please see the Oracle JCE Documentation.
- Set JBOSS_HOME as an environment variable with the path to your WildFly installation root and add the variable to your class path
Quick Setup
JBOSS_ROOT refers to the WildFly root install directory. Anywhere JBOSS_ROOT is used in this document, replace it with the actual WildFly root install directory.
CONNECT_ROOT refers to the root directory of either your local CONNECT repository or your CONNECT binary zip file
Pre-configured files
Download wildfly_quick_setup.zip for the pre-formatted WildFly configuration files required in this quick setup process
Configure WildFly for CONNECT deployment
Create the CONNECT properties directory:
For Windows, create a JBOSS_ROOT/modules/system/layers/base/org/connectopensource/configuration/main folder (some folders may already exist, some will need to be created)
For Linux, execute the following command: mkdir -p /JBOSS_ROOT/modules/system/layers/base/org/connectopensource/configuration/main (some directories may already exist, some will need to be created)
Copy wildfly_quick_setup.zip→module.xml into the newly-created CONNECT properties directory
Copy the CONNECT configuration files to the CONNECT properties directory.
CONNECT configuration files
In the binary distribution, the CONNECT properties are located in CONNECT_ROOT/properties. If CONNECT was built from source, the CONNECT properties are located in CONNECT_ROOT/Product/Production/Common/Properties/src/main/resources.
- Copy the correct standalone configuration file (standalone.conf for LINUX, standalone.conf.bat for Windows) to JBOSS_ROOT/bin:
For Windows, copy wildfly_quick_setup.zip→windows/standalone.conf.bat to JBOSS_ROOT/bin
For Linux, copy wildfly_quick_setup.zip→linux/standalone.conf to JBOSS_ROOT/bin
- Copy wildfly_quick_setup.zip→standalone.xml to JBOSS_ROOT/standalone/configuration
Generate a self-signed certificate and create keystores and truststores
Execute the following commands from the CONNECT properties directory (created in the first step) to create the keystores. To manage these files in another location, be sure to make the necessary configuration updates listed at /wiki/spaces/CONNECTWIKI/pages/10584180.
Create and populate databases and tables
- Download and copy mysql-connector-java-5.1.10.jar into the JBOSS_ROOT/standalone/deployments directory to install the MySQL JDBC driver.
- Execute the following SQL scripts:
- dropall.sql
- nhincdb.sql
- populateTestData.sql
Database scripts
In the binary distribution, the database scripts are located in CONNECT_ROOT/DBScripts/nhincdb. If CONNECT was built from source, the database scripts are located in CONNECT_ROOT/Product/DBScripts/nhincdb.
Deploy CONNECT
- Start the WildFly server and open the admin console
- If you haven't done so, you'll be required to create a new user:
- For Linux, execute the JBOSS_ROOT/add-user.sh script, follow the directions and then click Try Again in the admin console (may require server restart)
- For Windows, execute the JBOSS_ROOT/add-user.bat script, follow the directions and then click Try Again in the admin console (may require server restart)
- In the Admin Console, click the Deployments tab
- In the left Nav panel, click Add next to Deployment
- Choose Upload a new deployment, click Next, click Choose File and browse to the CONNECT.ear file, click Next and then click Finish
- Click the Enable button corresponding to the CONNECT ear file
CONNECT ear
In the binary distribution, the CONNECT ear is located in CONNECT_ROOT/CONNECT-JB7/<CONNECT_VERSION>. If CONNECT was built from source, the CONNECT ear is located in CONNECT_ROOT/Product/Production/Deploy/jboss7/target.
Deploy the Admin GUI
To deploy the CONNECT Admin GUI, repeat steps 1-4 above substituting the Admin GUI war for the CONNECT ear
Note: The Admin GUI is optional but recommended for ease of CONNECT administration and can be downloaded from the CONNECT Binaries by Release page
Admin GUI war
If CONNECT was built from source, the Admin GUI war is located in CONNECT_ROOT/Product/Production/Adapters/General/CONNECTAdminGUI
If you are having trouble deploying CONNECT using the quick setup instructions, follow the detailed setup instructions below step by step or reference the information below to troubleshoot
Detailed Setup
CONNECT properties directory module setup
Create the CONNECT properties directory:
For Windows, create a $JBOSS_HOME/modules/system/layers/base/org/connectopensource/configuration/main folder (some folders may already exist, some will need to be created)
For Linux, execute the following command: mkdir -p $JBOSS_HOME/modules/system/layers/base/org/connectopensource/configuration/main
To register the CONNECT properties directory as a WildFly module, create a module.xml file within that directory and add the following contents:
${JBOSS_HOME}/modules/.../org/connectopensource/configuration/main/module.xml

```xml
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.1" name="org.connectopensource.configuration">
    <resources>
        <resource-root path="."/>
    </resources>
</module>
```
Copy the CONNECT configuration files to the newly-created CONNECT properties directory. In the binary distribution, these files can be found in the Properties directory. To copy directly from the source in LINUX:
cp -r $CONNECT_ROOT/Product/Production/Common/Properties/src/main/resources/* $JBOSS_HOME/modules/system/layers/base/org/connectopensource/configuration/main
Configure keystores and truststores on the JBoss classpath. Execute the following commands from the CONNECT properties directory to create the keystores. To manage these files in another location, be sure to make the necessary configuration updates listed at /wiki/spaces/CONNECTWIKI/pages/10584180.

```sh
keytool -v -genkey -keyalg RSA -keysize 2048 -keystore gateway.jks -keypass changeit -storepass changeit -validity 365 -alias gateway -dname "cn=localhost"
keytool -v -export -rfc -alias gateway -file localhost.cer -keystore gateway.jks -keypass changeit -storepass changeit
keytool -v -import -keypass changeit -noprompt -trustcacerts -alias localhost -file localhost.cer -keystore cacerts.jks -storepass changeit
```
Setting JAVA_OPTS
In the standalone configuration file ($JBOSS_HOME/bin/standalone.conf in Linux, %JBOSS_HOME%\bin\standalone.conf.bat in Windows), append the following and localize each statement based on your target OS:
Java 8 Users
Please note that Java 8 does not utilize the MaxPermSize and PermSize flags. These may be omitted on Java 8+
Linux (standalone.conf):

```sh
# Increase memory allocation
JAVA_OPTS="-Xmx8000m -XX:MaxPermSize=1024m -XX:PermSize=1024m"
# configuration directory
JAVA_OPTS="$JAVA_OPTS -Dnhinc.properties.dir=$JBOSS_HOME/modules/system/layers/base/org/connectopensource/configuration/main"
# keystore and truststore
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStore=$JBOSS_HOME/modules/system/layers/base/org/connectopensource/configuration/main/gateway.jks"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStorePassword=changeit"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStoreType=JKS"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=$JBOSS_HOME/modules/system/layers/base/org/connectopensource/configuration/main/cacerts.jks"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=changeit"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStoreType=JKS"
JAVA_OPTS="$JAVA_OPTS -DCLIENT_KEY_ALIAS=gateway"
```

Windows (standalone.conf.bat):

```bat
rem # Increase memory allocation
set "JAVA_OPTS=-Xmx8000m -XX:MaxPermSize=1024m -XX:PermSize=1024m"
rem # configuration directory
set "JAVA_OPTS=%JAVA_OPTS% -Dnhinc.properties.dir=%JBOSS_HOME%/modules/system/layers/base/org/connectopensource/configuration/main"
rem # keystore and truststore
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStore=%JBOSS_HOME%/modules/system/layers/base/org/connectopensource/configuration/main/gateway.jks"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=changeit"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStoreType=JKS"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore=%JBOSS_HOME%/modules/system/layers/base/org/connectopensource/configuration/main/cacerts.jks"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStorePassword=changeit"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStoreType=JKS"
set "JAVA_OPTS=%JAVA_OPTS% -DCLIENT_KEY_ALIAS=gateway"
```
Configure SSL
Make the following configuration changes in $JBOSS_HOME/standalone/configuration/standalone.xml:
- Add a connect socket binding for port 8181 under the "standard-sockets" socket binding group:
- Add a stateless bean entry to the EJB3 subsystem:

```xml
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    ...
    <socket-binding name="connect" port="8181"/>
    ...
</socket-binding-group>

<subsystem xmlns="urn:jboss:domain:ejb3:2.0">
    <session-bean>
        <stateless>
            <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
        </stateless>
        <stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
        <singleton default-access-timeout="5000"/>
    </session-bean>
    ...
</subsystem>
```
- Add an HTTPS listener to the "default-server" entry in the Undertow subsystem (Note: replace the previous http listener if it exists):

```xml
<subsystem xmlns="urn:jboss:domain:undertow:1.2">
    ...
    <server name="default-server">
        ...
        <https-listener name="https" socket-binding="connect" security-realm="ApplicationRealm" verify-client="REQUIRED"/>
        ...
    </server>
    ...
</subsystem>
```
- Under the ApplicationRealm security realm, update the authentication to reference your truststore, and add a server identity to reference your keystore:

```xml
<security-realm name="ApplicationRealm">
    <server-identities>
        <ssl>
            <keystore path="modules/system/layers/base/org/connectopensource/configuration/main/gateway.jks" relative-to="jboss.home.dir" keystore-password="changeit" alias="gateway"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="modules/system/layers/base/org/connectopensource/configuration/main/cacerts.jks" relative-to="jboss.home.dir" keystore-password="changeit"/>
        ...
    </authentication>
    ...
</security-realm>
```
Address bindings
By default, WildFly services and applications are bound only to localhost. As needed, change any references of 127.0.0.1 to the desired binding address. 0.0.0.0 can be used to bind to all addresses.
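A pre-production check of the settings configured in the SSL and address-binding steps above, as an added example that is not part of the CONNECT documentation or code base: it parses a standalone.xml and reports the guide's test password `changeit`, an HTTPS listener whose `verify-client` is not `REQUIRED`, a leftover plain HTTP listener, and interfaces bound to 0.0.0.0. The function names, finding labels and the embedded sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

TEST_PASSWORD = "changeit"  # password used throughout this guide's test setup

# Constructed sample (not a complete standalone.xml) with the fragments this guide edits.
SAMPLE = """<server>
 <management><security-realms><security-realm name="ApplicationRealm">
  <server-identities><ssl>
   <keystore path="gateway.jks" keystore-password="changeit" alias="gateway"/>
  </ssl></server-identities>
  <authentication><truststore path="cacerts.jks" keystore-password="changeit"/></authentication>
 </security-realm></security-realms></management>
 <profile><subsystem xmlns="urn:jboss:domain:undertow:1.2"><server name="default-server">
  <http-listener name="default" socket-binding="http"/>
  <https-listener name="https" socket-binding="connect" security-realm="ApplicationRealm" verify-client="REQUESTED"/>
 </server></subsystem></profile>
 <interfaces>
  <interface name="management"><inet-address value="${jboss.bind.address.management:0.0.0.0}"/></interface>
  <interface name="public"><inet-address value="${jboss.bind.address:127.0.0.1}"/></interface>
 </interfaces>
</server>"""

def local(tag):
    """Strip the versioned namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def audit_standalone(xml_text):
    """Return (check, detail) findings, in document order, for a standalone.xml text."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = local(el.tag)
        if name in ("keystore", "truststore") and el.get("keystore-password") == TEST_PASSWORD:
            findings.append(("default-password", f"{name} {el.get('path')}"))
        elif name == "https-listener" and el.get("verify-client") != "REQUIRED":
            findings.append(("client-cert-not-required", el.get("name")))
        elif name == "http-listener":  # the guide replaces this with the HTTPS listener
            findings.append(("plain-http-listener", el.get("name")))
        elif name == "interface":
            for child in el:
                if local(child.tag) == "inet-address" and "0.0.0.0" in child.get("value", ""):
                    findings.append(("bound-to-all-addresses", el.get("name")))
    return findings

if __name__ == "__main__":
    for check, detail in audit_standalone(SAMPLE):
        print(f"{check}: {detail}")
```

To check a real deployment, pass the text of a copy of $JBOSS_HOME/standalone/configuration/standalone.xml to `audit_standalone`.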
Configure data sources
Download and copy mysql-connector-java-5.1.10.jar into the $JBOSS_HOME/standalone/deployments directory to install the MySQL JDBC driver.
Browse to http://localhost:9990 to open up the Admin Console. Click on Data Sources. Click on Add and use the following chart to configure your data sources (make sure you select the MySQL JDBC driver and provide database username and password):
Name | JNDI Name | Connection URL | Ref-Name | JTA |
---|---|---|---|---|
adminguidb_pool | java:/jdbc/adminguidb_datasource | jdbc:mysql://localhost:3306/adminguidb | jdbc/adminguidb_datasource | true |
assigningauthoritydb_pool | | | jdbc/assigningauthoritydb_datasource | true |
asyncmsgs_pool | | | jdbc/asyncmsgs_datasource | true |
auditrepo_pool | | | jdbc/auditrepo_datasource | false |
configdb_pool | java:/jdbc/configdb_datasource | jdbc:mysql://localhost:3306/configdb | jdbc/configdb_datasource | true |
docrepository_pool | | | jdbc/docrepository_datasource | true |
eventdb_pool | java:/jdbc/eventdb_datasource | jdbc:mysql://localhost:3306/eventdb | jdbc/eventdb_datasource | true |
messagemonitoringdb_pool | java:/jdbc/messagemonitoringdb_datasource | jdbc:mysql://localhost:3306/messagemonitoringdb | jdbc/messagemonitoringdb_datasource | true |
patientcorrelationdb_pool | | | jdbc/patientcorrelationdb_datasource | true |
patientdb_pool | | | jdbc/patientdb_datasource | true |
transrepo_pool | | | jdbc/transrepo_datasource | true |
Enable the data sources
Data sources need to be enabled after they have been added. An additional optional step would be to test all the connections after enabling.
Execute CONNECT database scripts
Execute the following SQL scripts:
- $CONNECT_ROOT/Product/DBScripts/nhincdb/dropall.sql
- $CONNECT_ROOT/Product/DBScripts/nhincdb/nhincdb.sql
- $CONNECT_ROOT/Product/DBScripts/nhincdb/populateTestData.sql
Deploy CONNECT
- Start the WildFly server and open the admin console. Follow the instructions for creating a new user.
- After creating a new user, click the Try Again link in the admin console to log in.
- In the Admin Console, click the Deployments tab
- In the left Nav panel, click Add next to Deployment
- Choose Upload a new deployment, click Next, click Choose File and browse to the <binary-location>/CONNECT-<VERSION>/CONNECT/<VERSION>/CONNECT-JB7-<VERSION>.ear file, click Next and then click Finish
If deploying from compiled source code, the CONNECT ear will be located at $CONNECT_ROOT/Product/Production/Deploy/jboss7/target
- Click the Enable button corresponding to the CONNECT ear file
Optional: For deploying CONNECT Admin GUI, repeat the steps 1-4 using <binary-location>/CONNECT-<VERSION>/CONNECTAdminGU/<VERSION>/CONNECTAdminGUI-<VERSION>.war
If deploying from compiled source code, the AdminGUI war file will be located at $CONNECT_ROOT/Product/Production/Adapters/General/CONNECTAdminGUI/target
Log4J Configuration
Edit $JBOSS_HOME/standalone/configuration/standalone.xml as follows:
- Add a new file handler (i.e. NHIN) under the existing file handler in the logging subsystem:

```xml
<subsystem xmlns="urn:jboss:domain:logging:2.0">
    .....
    <periodic-rotating-file-handler name="NHIN" autoflush="true">
        <formatter>
            <named-formatter name="PATTERN"/>
        </formatter>
        <file relative-to="jboss.server.log.dir" path="NHIN.log"/>
        <suffix value=".yyyy-MM-dd"/>
        <append value="true"/>
    </periodic-rotating-file-handler>
    <logger category="gov.hhs">
        <level name="DEBUG"/>
        <handlers>
            <handler name="NHIN"/>
        </handlers>
    </logger>
    .....
</subsystem>
```