Version History

Introduction

As of CONNECT 5.0, JBoss AS is no longer supported. Please upgrade to JBoss EAP 7 if possible. JBoss EAP 7 can be downloaded from https://access.redhat.com/products/red-hat-jboss-enterprise-application-platform ← Red Hat log in required

This guide includes a Quick Setup section and a Detailed Setup section. The quick setup utilizes JBoss EAP 7 configuration files that  have been pre-configured for CONNECT deployment. Following the CONNECT setup instructions will result in a fully-functioning test gateway that should not be used as a live production system.

Please refer to Adopters Implementation Guidelines to integrate CONNECT with your live web service components and to import genuine certificates issued by an authorized certificate authority before attempting transactions on a live exchange.

Prerequisites

1. JAVA 8 is required for JBoss EAP 7
2. Either a downloaded CONNECT binary distribution or a local CONNECT build
3. A running instance of MySQL - The CONNECT team uses version 5.1.73
4. If Direct will be deployed with CONNECT, the Java Cryptography Extension must be installed. Please see the Oracle JCE Documentation.
5. Set JBOSS_HOME as an environment variable with the path to your JBoss installation root and add the variable to your class path

Quick Setup

JBOSS_ROOT refers to the JBoss root install directory. Anywhere JBOSS_ROOT is used in this document, replace it with the actual JBoss root install directory
CONNECT_ROOT refers to the root directory of either your local CONNECT repository or your CONNECT binary zip file

Configure JBoss EAP 7 for CONNECT deployment

• Create the CONNECT properties directory:

  • For Windows, create a JBOSS_ROOT/modules/system/layers/base/org/connectopensource/configuration/main folder (some folders may already exist, some will need to be created)

  • For Linux, execute the following command: mkdir -p  /JBOSS_ROOT/modules/system/layers/base/org/connectopensource/configuration/main (some directories may already exist, some will need to be created)

• Copy jboss_quick_setup.zip→module.xml into the newly-created CONNECT properties directory

• Copy the CONNECT configuration files to the CONNECT properties directory. 

  CONNECT configuration files

  In the binary distribution, the CONNECT properties are located in CONNECT_ROOT/properties
  If CONNECT was built from source, the CONNECT properties are located in CONNECT_ROOT/Product/Production/Common/Properties/src/main/resources

• Copy the correct standalone configuration file (standalone.conf for LINUX, standalone.conf.bat for Windows) to JBOSS_ROOT/bin:

  • For Windows, copy jboss_quick_setup.zip→windows/standalone.conf.bat to JBOSS_ROOT/bin

  • For Linux, copy jboss_quick_setup.zip→linux/standalone.conf to JBOSS_ROOT/bin

• Copy jboss_quick_setup.zip→standalone_full.xml to JBOSS_ROOT/standalone/configuration

Generate a self-signed certificate and create key stores and trust stores

• Execute the following commands from the CONNECT properties directory (created in the first step) to create the keystores. To manage these files in another location be sure to make the necessary configuration updates listed /wiki/spaces/CONNECTWIKI/pages/10584180.

Deploying CONNECT from Binaries#certkeystore

Create and populate databases and tables

• Download and copy mysql-connector-java-5.1.10.jar into the JBOSS_ROOT /standalone/deployments directory to install the MySQL JDBC driver.
• Execute the following SQL scripts:
  • dropall.sql
  • nhincdb.sql
    
  • populateTestData.sql

  Database scripts

  In the binary distribution, the database scripts are located in CONNECT_ROOT/DBScripts/nhincdb
  If CONNECT was built from source, the database scripts are located in CONNECT_ROOT/Product/DBScripts/nhincdb

Deploy CONNECT

1. Start the JBoss EAP 7 server and open the admin console
2. If you haven't done so, you'll be required to create a new user:
   1. For Linux, execute the JBOSS_ROOT/add-user.sh script, follow the directions and then click Try Again in the admin console (may require server restart)
   2. For Windows, execute the JBOSS_ROOT/add-user.bat script, follow the directions and then click Try Again in the admin console (may require server restart)
3. In the Admin Console, click the Deployments tab
4. In the left Nav panel, click Add next to Deployment
5. Choose Upload a new deployment click Next, click Choose File and browse to the CONNECT.ear file, click Next and then click Finish
6. Click the Enable button corresponding to the CONNECT ear file

In the binary distribution, the CONNECT ear is located in CONNECT_ROOT/CONNECT-JB7/<CONNECT_VERSION>
If CONNECT was built from source, the CONNECT ear is located in CONNECT_ROOT/Product/Production/Deploy/jboss7/target

Deploy the Admin GUI

To deploy the CONNECT Admin GUI, repeat steps 1-4 above substituting the Admin GUI war for the CONNECT ear

Note: The Admin GUI is optional but recommended for ease of CONNECT administration and can be downloaded from the /wiki/spaces/CONNECTWIKI/pages/117610137 page

If CONNECT was built from source, the Admin GUI war is located in CONNECT_ROOT/Product/Production/Adapters/General/CONNECTAdminGUI

If you are having trouble deploying CONNECT using the quick setup instructions, follow the detailed setup instructions below step by step or reference the information below to troubleshoot

Detailed Setup

CONNECT properties directory module setup - org.connectopensource

Create the JBOSS_ROOT/modules/system/layers/base/org/connectopensource/configuration/main directory

mkdir -p JBOSS_ROOT/modules/system/layers/base/org/connectopensource/configuration/main

To register this as a JBoss module, create a module.xml file in this new folder and add the following contents:

<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.1" name="org.connectopensource.configuration">
    <resources>
        <resource-root path="."/>
    </resources>
</module>

Copy/transfer the CONNECT configuration files to the org.connectopensource module directory. In the binary distribution, these files can be found in the Properties directory. To copy directly from the source:

cp -r ${CONNECT_ROOT}/Product/Production/Common/Properties/src/main/resources/* JBOSS_ROOT/modules/system/layers/base/org/connectopensource/configuration/main

Create the keystores in the org.connectopensource module directory:

keytool -v -genkey -keyalg RSA -keysize 2048 -keystore gateway.jks -keypass changeit -storepass changeit -validity 365 -alias gateway -dname "cn=localhost"
keytool -v -export -rfc -alias gateway -file localhost.cer -keystore gateway.jks -keypass changeit -storepass changeit
keytool -v -import -keypass changeit -noprompt -trustcacerts -alias localhost -file localhost.cer -keystore cacerts.jks -storepass changeit

Setting JAVA_OPTS

In the standalone configuration file (JBOSS_ROOT/bin/standalone.conf in Linux, JBOSS_ROOT/bin/standalone.conf.bat in Windows), append the following and localize each statement based on your target OS:

# Use standalone-full.xml instead of standalone.xml
JAVA_OPTS="$JAVA_OPTS  -Djboss.server.default.config=standalone-full.xml"

# Increase memory allocation
JAVA_OPTS="$JAVA_OPTS -Xmx8000m"

# configuration directory
JAVA_OPTS="$JAVA_OPTS -Dnhinc.properties.dir=$JBOSS_HOME/modules/system/layers/base/org/connectopensource/configuration/main"

# keystore and truststore
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStore=$JBOSS_HOME/modules/system/layers/base/org/connectopensource/configuration/main/gateway.jks"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStorePassword=changeit"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStoreType=JKS"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=$JBOSS_HOME/modules/system/layers/base/org/connectopensource/configuration/main/cacerts.jks"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=changeit"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStoreType=JKS"
JAVA_OPTS="$JAVA_OPTS -DCLIENT_KEY_ALIAS=gateway"

rem # Use standalone-full.xml instead of standalone.xml
set "JAVA_OPTS=%JAVA_OPTS% -Djboss.server.default.config=standalone-full.xml"

rem # Increase memory allocation
set "JAVA_OPTS=%JAVA_OPTS% -Xmx8000m"

rem # CONNECT configuration directory
set "JAVA_OPTS=%JAVA_OPTS% -Dnhinc.properties.dir=%JBOSS_HOME%/modules/system/layers/base/org/connectopensource/configuration/main"

rem # keystore and truststore
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=changeit"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStorePassword=changeit"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStore=%JBOSS_HOME%/modules/system/layers/base/org/connectopensource/configuration/main/gateway.jks"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStoreType=JKS"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStoreType=JKS"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore=%JBOSS_HOME%/modules/system/layers/base/org/connectopensource/configuration/main/cacerts.jks"
set "JAVA_OPTS=%JAVA_OPTS% -DCLIENT_KEY_ALIAS=gateway"
set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.xml.ws.transport.http.HttpAdapter.dump=true"
set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true"

Configure SSL

Make the following configuration changes in standalone-full.xml:

Add a connect socket binding for port 8181 under the "standard-sockets" socket binding group

<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    ...
    <socket-binding name="connect" port="8181"/>
    ...
</socket-binding-group>

Add an HTTPS listener to the "default-server" entry in the Undertow subsystem:

<subsystem xmlns="urn:jboss:domain:undertow:3.1">
    ...
    <server name="default-server">
        ...
        <https-listener name="https" socket-binding="connect" security-realm="ApplicationRealm" verify-client="REQUIRED"/>
        ...
    </server>
    ...
</subsystem>

Under the ApplicationRealm security realm, update the authentication to reference your truststore, and add a server identity to reference your keystore:

<security-realm name="ApplicationRealm">
    <server-identities>
        <ssl>
            <keystore path="modules/system/layers/base/org/connectopensource/configuration/main/gateway.jks"
                      relative-to="jboss.home.dir"
                      keystore-password="changeit"
                      alias="gateway"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="modules/system/layers/base/org/connectopensource/configuration/main/cacerts.jks"
                    relative-to="jboss.home.dir"
                    keystore-password="changeit"/>
        ...
    </authentication>
	...
</security-realm>

Address Bindings

By default, JBoss EAP services and applications are bound only to localhost.  As needed, change any references of 127.0.0.1 in standalone-full.xml to the desired binding address.  0.0.0.0 can be used to bind to all addresses.

Configure Data Sources

Copy the mysql-connector-java-5.1.10.jar into the JBOSS_ROOT/standalone/deployments directory to install the MySQL JDBC driver.

Browse to http://localhost:9990 to open up the Admin Console. Click on Configuration->Subsystems->Data Sources->Non-XA. Click on Add and use the following chart to configure your data sources (make sure you select the MySQL JDBC driver and provide database username and password):

Deploy CONNECT

<subsystem xmlns="urn:jboss:domain:logging:3.0">
...
<periodic-rotating-file-handler name="NHIN" autoflush="true">
  <formatter>
    <named-formatter name="PATTERN"/>
  </formatter>
  <file relative-to="jboss.server.log.dir" path="NHIN.log"/>
  <suffix value=".yyyy-MM-dd"/>
  <append value="true"/>
</periodic-rotating-file-handler>
<logger category="gov.hhs">
  <level name="DEBUG"/>
  <handlers>
    <handler name="NHIN"/>
  </handlers>
</logger>
...
</subsystem>

Links / Additional Reading

CONNECT Forums

JBOSS EAP 7 Documentation