• No results found

OpenEdge: New and Revised Features for OpenEdge

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "OpenEdge: New and Revised Features for OpenEdge"

Copied!
24
0
0

Loading.... (view fulltext now)

Download now ( 24 Page )

Full text

(1)

OpenEdge:

New and Revised Features for

OpenEdge 11.7.6

(2)
(3)

Copyright

© 2020 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved. These materials and all Progress® software products are copyrighted and all rights are reserved by Progress Software Corporation. The information in these materials is subject to change without notice, and Progress Software Corporation assumes no responsibility for any errors that may appear therein. The references in these materials to specific platforms supported are subject to change.

Corticon, DataDirect (and design), DataDirect Cloud, DataDirect Connect, DataDirect Connect64, DataDirect XML Converters, DataDirect XQuery, DataRPM, Defrag This, Deliver More Than Expected, Icenium, Ipswitch, iMacros, Kendo UI, Kinvey, MessageWay, MOVEit, NativeChat, NativeScript, OpenEdge, Powered by Progress, Progress, Progress Software Developers Network, SequeLink, Sitefinity (and Design), Sitefinity, SpeedScript, Stylus Studio, TeamPulse, Telerik, Telerik (and Design), Test Studio, WebSpeed, WhatsConfigured,

WhatsConnected, WhatsUp, and WS_FTP are registered trademarks of Progress Software Corporation or one of its affiliates or subsidiaries in the U.S. and/or other countries. Analytics360, AppServer, BusinessEdge, DataDirect Autonomous REST Connector, DataDirect Spy, SupportLink, DevCraft, Fiddler, iMail, JustAssembly, JustDecompile, JustMock, NativeScript Sidekick, OpenAccess, ProDataSet, Progress Results, Progress Software, ProVision, PSE Pro, SmartBrowser, SmartComponent, SmartDataBrowser, SmartDataObjects, SmartDataView, SmartDialog, SmartFolder, SmartFrame, SmartObjects, SmartPanel, SmartQuery, SmartViewer, SmartWindow, and WebClient are trademarks or service marks of Progress Software Corporation and/or its subsidiaries or affiliates in the U.S. and other countries. Java is a registered trademark of Oracle and/or its affiliates. Any other marks contained herein may be trademarks of their respective owners.

May 2020 Last updated with new content: Release 11.7.6 Updated: 2020/05/18

(4)

OpenEdge collection: New and Revised Features for OpenEdge 11.7.6: Version 11.7.6 4

(5)

Table of Contents

What's New in 11.7.6...9

Support to run PAS for OpenEdge in Docker Containers...9

Deferred logging in PAS for OpenEdge...10

Updated Spring Security JARs...10

Migrate OpenEdge REST applications...13

Migrate OpenEdge SOAP applications...13

Migrate ABL applications ...13

New Relic Plugins...14

Install and configure the New Relic plugin for the OpenEdge database...14

Install and configure the New Relic plugin for PAS for OpenEdge...17

Updated GENSPRINGPWD utility for PAS for OpenEdge...20

Updated EncodePassword utility for the Classic AppServer...21

Set hashed and salted passwords using EncodePassword...21

Encrypt a password shared by REST Management Agent and REST web application...22 Contents

(6)

OpenEdge collection: New and Revised Features for OpenEdge 11.7.6: Version 11.7.6 6

(7)

Preface

Purpose

OpenEdge: New and Revised Features briefly describes both new features and changes to existing features ntroduced in OpenEdge® Release 11.7.6.

Audience

This guide is primarily intended for OpenEdge application developers and system administrators who are upgrading their license to Release 11.7.6 from Release 11.6.

Organization

What's New in 11.7.6

Presents descriptions of new and enhanced features introduced in Release 11.7.6.

Documentation conventions

See Documentation Conventions for an explanation of the terminology, format, and typographical conventions used throughout the OpenEdge content library.

(8)

OpenEdge collection: New and Revised Features for OpenEdge 11.7.6: Version 11.7.6 8

(9)

1

What's New in 11.7.6

This topic describes the new features included in OpenEdge Release 11.7.6. For details, see the following topics:

Support to run PAS for OpenEdge in Docker Containers

Deferred logging in PAS for OpenEdge

Updated Spring Security JARs

New Relic Plugins

Updated GENSPRINGPWD utility for PAS for OpenEdge

Updated EncodePassword utility for the Classic AppServer

Support to run PAS for OpenEdge in Docker

Containers

Progress Application Server (PAS) for OpenEdge Release 11.7.6 is available as a Docker image where applications can be developed, deployed, and run in an adaptive and isolated environment.

(10)

Deferred logging in PAS for OpenEdge

Deferred logging has been added to OpenEdge 11.7.6.

Deferred logging in PAS for OpenEdge opens an in-memory buffer to record information immediately preceding a multi-session agent crash. It also lets system administrators run an on-demand monitoring check on the instance. The in-memory buffer is configured independently from the agent log and automatically writes to the agent log file in the event of a crash or when it is called through an API.

This feature was originally introduced in OpenEdge 12.1.

For more information, see "Use deferred logging in PAS for OpenEdge" in Manage Progress Application Server

(PAS) for OpenEdge.

Updated Spring Security JARs

To mitigate the possibility of security vulnerabilities, OpenEdge 11.7.6 includes updated Spring Security JARs. This update allows OpenEdge users to build more secure web applications for PAS for OpenEdge.

To update existing 11.7.x PAS for OpenEdge instances and web applications to use the updated Spring Security JARs:

1. Package the existing OpenEdge 11.7.x instance in a ZIP file, for example, 1175_instance.zip. 2. Copy the ZIP file into the $WRK directory for the PAS for OpenEdge 11.7.6 instances, for example:

C:\OpenEdge\WRK1176.

3. Unzip the file in the OpenEdge 11.7.6 $WRK directory.

4. For each deployed ABL web application deployed to the instance-name/webapps directory, create a backup of the WEB-INF/spring directory, for example:

instance-name/webapps/ROOT/WEB-INF/spring

instance-name/webapps/webapp-name/WEB-INF/spring

OpenEdge collection: New and Revised Features for OpenEdge 11.7.6: Version 11.7.6 10

(11)

5. For each file described in the following table, replace the existing entry with the new entry: New entry Existing entry Filename DEPLOYSVC_JAR= $CATALINA_HOME"/bin/ deploysvc.11.7.6.jar DEPLOYSVC_JAR= "$CATALINA_HOME"/bin/ deploysvc.11.7.5.jar instance-name/ bin/deploysvc.sh set DEPLOYSVC_JAR= %CATALINA_HOME%\bin\ deploysvc.11.7.6.jar set DEPLOYSVC_JAR= %CATALINA_HOME%\bin\ deploysvc.11.7.5.jar instance-name/ bin/deploysvc.bat set DEPLOYSVC_JAR= %CATALINA_HOME%\bin\ deploysvc.11.7.6.jar set DEPLOYSVC_JAR= %CATALINA_HOME%\bin\ deploysvc.11.7.5.jar instance-name/ bin/deploysvcCmd.bat DEPLOYSVC_JAR= $CATALINA_HOME"/bin/ deploysvc.11.7.6.jar DEPLOYSVC_JAR= "$CATALINA_HOME"/bin/ deploysvc.11.7.5.jar instance-name/ bin/deploysvcCmd.sh set OEPROP_JAR= %CATALINA_HOME%\bin\ oeprop.11.7.6.jar set OEPROP_JAR= %CATALINA_HOME%\bin\ oeprop.11.7.5.jar instance-name/ bin/oeprop.bat OEPROP_JAR= "$CATALINA_HOME"/bin/ oeprop.11.7.6.jar OEPROP_JAR= "$CATALINA_HOME"/bin/ oeprop.11.7.5.jar instance-name/ bin/oeprop.sh set OEPROP_JAR= %CATALINA_HOME%\bin\ oeprop.11.7.6.jar set OEPROP_JAR= %CATALINA_HOME%\bin\ oeprop.11.7.5.jar instance-name/ bin/oepropCmd.bat OEPROP_JAR= "$CATALINA_HOME"/bin/ oeprop.11.7.6.jar OEPROP_JAR= "$CATALINA_HOME"/bin/ oeprop.11.7.5.jar instance-name/ bin/oepropCmd.sh OpenEdge-version: 11.7.6 OpenEdge-version: 11.7.5 instance-name/webapps/ ROOT/META-INF/MANIFEST.MF

Note: You can choose to only update the .bat or .sh files based on your operating system.

6. Complete the following step based on the condition that applies to your environment:

Case 1—If you have not made any changes in XML files for any web application in the /webapps directory, follow these steps:

(12)

Replace all of the files in the instance-name/webapps/ROOT/WEB-INF/spring directory with the files from the OpenEdge 11.7.6 installation directory

($DLC/servers/pasoe/webapps/ROOT/WEB-INF/spring). 1.

2. Replace all of the files in the instance-name/webapps/webapp-name/WEB-INF/spring directory with the files from the OpenEdge 11.7.6 installation directory

($DLC/servers/pasoe/webapps/ROOT/WEB-INF/spring) for each OpenEdge ABL web application deployed to the instance.

3. If you have migrate an oeauthserver instance into the OpenEdge 11.7.6 work directory, replace all the files under 1176_WRKDIR/oeauthserver/webapps/ROOT/WEB-INF with latest files from the$DLC/servers/pasoe/extras/oests/WEB-INF directory.

4. If you have the oemanager web aplication deployed on the migrated instance, extract the

$DLC/servers/pasoe/extras/oemanager.war file into the webapps/oemanager directory. In the WEB-INF directory of the oemanager application, replace the following files with the latest versions that you extracted from $DLC/servers/pasoe/extras/oemanager.war :

oemgrSecurity-anonymous.xml, oemgrSecurity-basic-ldap.xml, oemgrSecurity-basic-local.xml, oemgrSecurity-basic-oerealm.xml, oemgrSecurity-container.xml, oemgrSecurity-form-local.xml.

5. If you have the wscgi web application deployed on the migrated instance, extract the

$DLC/servers/pasoe/extras/wscgi.war into the webapps/wscgi directory. Replace all the files (cgiSecurity-anonymous.xml, cgiSecurity-basic-local.xml,

cgiSecurity-form-local.xml) in webapps/wscgi/WEB-INF with the corresponding latest files from the $DLC/servers/pasoe/extras/wscgi/WEB-INF directory.

Case 2—If you have made changes to any XML file in any web application in the /webapps directory, follow these steps:

1. Follow all the steps described in Case 1.

2. After replacing all Spring XML files with the latest XML files from the OpenEdge 11.7.6 $DLC, manually merge the customizations from your file backups into the updated XML files.

7. Register the 11.7.x instance with OpenEdge 11.7.6 using PASMAN register, for example:

pasman register 1176_instance C:/OpenEdge/WRK1176/1175_instance

Note: For more information about registering instances, see Register an instance for tracking (register).

8. Verify that the instance is registered by using the following command:

pasman instances

9. Start the instance using OpenEdge 11.7.6, for example:

pasman start -I 1176_instance

OpenEdge collection: New and Revised Features for OpenEdge 11.7.6: Version 11.7.6 12

(13)

Migrate OpenEdge REST applications

Progress recommends using Progress Developer Studio for OpenEdge (PDSOE) to migrate existing REST applications from 11.7.x to 11.7.6. PDSOE automatically provides the new Spring updates, which are less vulnerable.

Using PDSOE, all existing applications in 11.7.x must re-deployed to the instance in 11.7.6 PDSOE.

Migrate OpenEdge SOAP applications

To migrate existing 11.7.x PAS for OpenEdge SOAP applications to version 11.7.6, update the hostname under the soap:address section in

instance-name/webapps/ROOT/WEB-INF/adapters/soap/ROOT/Soapservice-name.wsdl file.The wsdl file contains the old machine (11.7.x) hostname. Replace it with new machine (11.7.6) hostname.

Migrate ABL applications

Due to security vulnerabilities found in third-party JARs that are present in earlier OpenEdge 11.7 releases, these third-party JARs have been upgraded in OpenEdge 11.7.6 to mitigate security vulnerabilities. This helps our customers build more secure web applications with the classic OpenEdge AppServer.

To make this upgrade, Spring XML configurations have been updated. There is no impact for existing applications or migrated applications as is. The impact will be there if customer would like to use the new capabilities of 11.7.6.

This document provides detailed steps which will be useful to customers to migrate their rest applications in 11.7.x to 11.7.6 (latest OpenEdge Release).

There are three use cases for REST application migration from previous releases of OpenEdge:

Case 1—Creation of a new Rest Application in Progress Developer Studio for OpenEdge (PDSOE) to be deployed on the Classic Appserver:

There is no impact on the creation of a new REST Application with PDSOE, and can be deployed to the Classic Appserver.

Case 2—Migrating an existing REST Application from 11.7.x to 11.7.6:

There is no impact on deploying existing an REST Application WAR in the OpenEdge 11.7.6 Classic Appserver.

Case 3—Update services in existing (11.7.x) WAR file:

There is an impact on these updated services. You must do the following: 1. Regenerate the REST Application WAR file from PDSOE.

2. Republish the application using PDSOE.

(14)

New Relic Plugins

The 2020.1.0 NewRelic APM plug-ins can now be leveraged to monitor 11.7.6 OpenEdge databases and PAS for OpenEdge instances. The New Relic plug-ins are available in OpenEdge Management.

Install and configure the New Relic plugin for the OpenEdge

database

The New Relic Plugin for the OpenEdge database is a great choice for displaying and sharing critical information about database performance with your stakeholders. With the New Relic Plugin for the OpenEdge database, you can capture, view, and monitor your database performance metrics. As an administrator, you can configure the performance metrics that are essential to your business.

The New Relic Plugin for the OpenEdge database can be installed on both Windows and OpenEdge supported UNIX platforms. You can edit the metrics.regex property in the oedbnr.properties file, and specify the metrics that are important for your business.

The New Relic Plugin for the OpenEdge database captures the folloing metrics:

Activity Summary

AI Activity

BI Activity

Buffer Activity

Record Activity

To install the New Relic Plugin for the OpenEdge database:

OpenEdge collection: New and Revised Features for OpenEdge 11.7.6: Version 11.7.6 14

(15)

1. Download the oedbnr-2020.1.0-release.zip file from https://www.progress.com/esd. Note: The oedbnr filename includes the release information which changes periodically.

2. Extract the contents of the zip file to any directory on your machine. The zip file contains the following folders and files:

1. lib—A folder that contains Java libraries, including third-party libraries that implement the New Relic Plugin for the OpenEdge database.

2. native_libs—A folder that contains native libraries used by the plugin.

3. console-logging—A logback configuration file used to format output for the command line.

4. daemon-logging—A logback configuration file that the daemon process uses to format the oedbnr.log file. When the plugin is running as a background daemon process, log information is written to the oedbnr.log file.

To adjust the logging level of the daemon or to change the log filename, edit the daemon-logging.xml file. The plugin uses the logback Java logging library, which means the daemon-logging.xml file is formatted according to the logback specifications.

5. oedbnr.properties—A Java properties file. You must make some changes to the file before the plugin can be run. At a minimum, you must provide your New Relic license key and the connection parameters for the database you want to monitor. This configuration file provides instructions in the comments that explain how the properties must be configured.

6. start-newrelic—Starts the New Relic Plugin for the OpenEdge database. 7. stop-newrelic—Stops the New Relic Plugin for the OpenEdge database.

3. Edit the oedbnr.properties file, and provide the following information for each property: a. license.key—The New Relic license key.

Note: Progress software does not provide this password and you should acquire the license key after signing up for a New Relic.

b. agent.name—The agent name of the database, if any. If an agent name is not provided, then the New Relic Plugin uses the database name.

c. schedule—The time interval that the New Relic Plugin works in conjunction with the duration property. Note: It is recommended that that you do not poll more than 2 times per minute. By default, the plugin is configured to generate metrics once per minute.

d. duration—The time interval in [seconds] [minutes] [hours] [days]. This property works in conjunction with the schedule property.

e. metrics.regex—When left blank, this file captures all the defined metrics. You can specify a regular expression (regex) to ensure that only the specified database performance metrics whose names match the pattern you have configured are posted.

f. db.name—The name of the database that is monitored. g. db.host—The IP address of the database host.

h. db.port—The port that the database is running on.

(16)

i. db.user—The username for the database. j. db.password—The password for the database.

Note: The password can be in cleartext or encoded using the genpassword utility, which is a passowrd encryption utility provided with the OpenEdge database. (The supported encryption algorithms are: ae1, ae2, nopr0, odeb0, oech1, oebp.)

k. db.otherargs—Any other optional parameters for the database connection, separated by a semicolon (;).

4. Start the New Relic Plugin for the OpenEdge database.

Note: The start and stop scripts can be run in the Proenv utility or from any other command line. Progress recommends that you run these scripts from the proenv prompt because it uses the OpenEdge database’s JDK. Running these scripts in another command line uses the Java System class.

The New Relic Plugin for the OpenEdge database runs as a daemon process. Scripts for both Windows and UNIX are provided in the oedbnr zip file. To start the daemon process, run the start-newrelic.sh or start-newrelic.bat file, as appropriate.

On UNIX, modify the permissions of the start-newrelic.sh and stop-newrelic.sh scripts. Use the chmod +x *.sh command to add executable permissions to these scripts.

The New Relic Plugin for the OpenEdge database captures and reports metrics to the database dashboard and sends the metrics to New Relic only when the database is running.

Note:

1. Your database does not need to be running to start the plugin.

2. Only one copy of the plugin can run at a time for each database instance, to prevent sending data to New Relic too often.

OpenEdge collection: New and Revised Features for OpenEdge 11.7.6: Version 11.7.6 16

(17)

5. Log in to the New Relic website and view the dashboard for the OpenEdge database metrics.

Note: The New Relic Plugin for the OpenEdge database polls and captures the metrics, even when the New Relic website is down. However, the metrics are aggregated and are posted to the OpenEdge database dashboard when the New Relic website becomes available.

6. Stop the New Relic plugin for the OpenEdge database by running either the stop-newrelic.sh or stop-newrelic.bat file.

The New Relic Plugin for the OpenEdge database maintains a file in the installation directory named new-relic-plugin.pid. This file contains the OS process ID for the New Relic Plugin for the OpenEdge database.

The plugin supports the following options and commands for the start-newrelic.sh script: start-newrelic.sh [options] <command>

You can use these options:

-config—The path to the configuration file. If the path is not specified, then the default is ./oedbnr/properties.

-newrelicurl—The URL to the New Relic metric API. This API us ised to test error handing. You can assign the <command> parameter one of the following values:

daemon—Starts the New relic Plugin in daemon mode.

status—Shows the status of the New Relic Plugin process.

help—Displays the help information.

Install and configure the New Relic plugin for PAS for OpenEdge

The New Relic Plugin for PAS for OpenEdge is a great choice for displaying and sharing critical information about PAS for OpenEdge performance with your stakeholders. With the New Relic Plugin for PAS for OpenEdge, you can capture, view, and monitor your PAS instance performance metrics. As an administrator, you can configure the performance metrics that are essential to your business.

The New Relic Plugin for PAS for OpenEdge can be installed on both Windows and UNIX platforms. You can edit the metrics.regex property in the pasoenr.properties file, and specify the metrics that are important for your business.

The New Relic Plugin for PAS for OpenEdge captures the following metrics:

Agent metrics for ABL applications.

Request metrics for ABL applications.

Session metrics for ABL applications.

Connection metrics for ABL applications.

Transport metrics for web applications associated with an ABL application. This can be any of the supported transports, such as REST, SOAP, WEB, and APSV.

To install the New Relic Plugin PAS for OpenEdge:

(18)

1. Download the pasoenr-2018.4.0-release.zip file from https://www.progress.com/esd. Note: The pasoenr filename includes the release information which changes periodically.

2. Extract the contents of the zip file to any directory on your machine. The zip file contains the following folders and files:

1. lib—A folder that contains Java libraries, including third-party libraries that implement the New Relic Plugin for PAS for OpenEdge.

2. console-logging—A logback configuration file used to format output for the command line.

3. daemon-logging—A logback configuration file that the daemon process uses to format the pasoenr.log file. When the plugin is running as a background daemon process, log information is written to the pasoenr.log file.

To adjust the logging level of the daemon or to change the log filename, edit the daemon-logging.xml file. The plugin uses the logback Java logging library, which means the daemon-logging.xml file is formatted according to the logback specifications.

4. pasoenr.properties—A Java properties file. You must make some changes to the file before the plugin can be run. At a minimum, you must provide your New Relic license key and the installation directory of the PAS instance that you want to monitor. This configuration file provides instructions in the comments that explain how the properties must be configured.

5. start-newrelic—Starts the New Relic Plugin for PAS for OpenEdge.. 6. stop-newrelic—Stops the New Relic Plugin for PAS for OpenEdge.

3. Edit the pasoenr.properties file, and provide the following information for each property:

a. pas.dir—The location of the PAS for OpenEdge instance that you want to monitor. This value is the absolute path to the location of your PAS for OpenEdge instance.

b. license.key—The New Relic license key.

Note: Progress software does not provide this password and you should acquire the license key after signing up for a New Relic.

c. agent.name—The agent name of the PAS for OpenEdge instance, if any. If an agent name is not provided, then the New Relic Plugin uses the PAS instance name.

d. schedule—The time interval that the New Relic Plugin works in conjunction with the duration property. Note: It is recommended that that you do not poll more than 2 times per minute. By default, the plugin is configured to generate metrics once per minute.

e. duration—The time interval in [seconds] [minutes] [hours] [days]. This property works in conjunction with the schedule property.

f. metrics.regex—When left blank, this file captures all the defined metrics. You can specify a regular expression (regex) to ensure that only the specified database performance metrics whose names match the pattern you have configured are posted.

g. jmx.url—If you are using a remote Java Management Extensions (JMX) connection to a PAS for OpenEdge instance, enable the JMXLifecycle feature, and provide the URL that the New Relic Plugin for PAS for OpenEdge uses to connect to the PAS for OpenEdge instance. If you are using a local JMX connection, do not provide this information.

OpenEdge collection: New and Revised Features for OpenEdge 11.7.6: Version 11.7.6 18

(19)

h. jmx.user—User name for connecting to PAS for OpenEdge through JMX. The user name is required if JMX is enabled with authentication for the PAS for OpenEdge instance.

i. jmx.password—Password for connecting to PAS for OpenEdge through JMX. The password is required if JMX is enabled with authentication for the PAS for OpenEdge instance.

4. Include the java.rmi.server.hostname property in the catalina.properties file for your PAS for OpenEdge instance, and set the property to your hostname. (This is an optional step, and applicable only if you use remote JMX.)

5. Start the New Relic Plugin for PAS for OpenEdge.

Note: The start and stop scripts can be run in the proenv utility or from any other command line. Progress recommends that you run these scripts from the proenv prompt because it uses the OpenEdge database’s JDK. Running these scripts in another command line uses the Java System class.

The New Relic Plugin for the OpenEdge database runs as a daemon process. Scripts for both Windows and UNIX are provided in the pasoenr zip file. To start the daemon process, run the start-newrelic.sh or start-newrelic.bat file, as appropriate.

On UNIX, modify the permissions of the start-newrelic.sh and stop-newrelic.sh scripts. Use the chmod +x *.sh command to add executable permissions to these scripts.

The New Relic Plugin for PAS for OpenEdge captures and reports a set of metrics to the PAS for OpenEdge dashboard to New Relic only when the PAS instance is running. The plugin uses the JMX API exposed by PAS for OpenEdge. You do not need to enable remote JMX access for PAS for OpenEdge.

Note:

1. Your PAS for OpenEdge instance does not need to be running to start the plugin.

2. Only one copy of the plugin can run at a time for each PAS for OpenEdge instance to prevent sending data to New Relic too often.

(20)

6. Log in to the New Relic website and view the dashboard for PAS for OpenEdge metrics.

Note: The New Relic Plugin for PAS for OpenEdge polls and captures the metrics, even when the New Relic website is down. However, the metrics are aggregated and are posted to the PAS for OpenEdge dashboard when the New Relic website becomes available.

7. Stop the New Relic plugin for PAS for OpenEdge by running either the stop-newrelic.sh or stop-newrelic.bat file.

The New Relic Plugin for PAS for OpenEdge maintains a file in the PASOE temp directory named new-relic-plugin.pid. This file contains the OS process ID for the New Relic Plugin for PAS for OpenEdge.

The plugin supports the following options and commands for the start-newrelic.sh script: start-newrelic.sh [options] <command>

Note: If the PAS for OpenEdge instance is running as a different user from the plugin, the plugin cannot connect to the PAS instance. Therefore, it is important that both the PAS instance and the plugin are started by the same user account. If you must run the PAS instance with a different user account than the plugin, edit the jmx.url, jmx.user, and jmx.password properties, as shown in Steps 3 (g), (h), and (i).

You can use these options:

-config—The path to the configuration file. If the path is not specified, then the default is ./pasoenr.properties.

-newrelicurl—The URL to the New Relic metric API. This API us ised to test error handing.

-installdir: The path to New Relic Plugin installation directory. If the path is not provided, then the current directory or the location of the properties file is used.

You can assign the command parameter one of the following values:

daemon—Starts the New relic Plugin in daemon mode.

status—Shows the status of the New Relic Plugin process.

help—Displays the help information.

Updated GENSPRINGPWD utility for PAS for

OpenEdge

In OpenEdge 11.7.6, the GENSPRINGPWD utility has been updated to the same encryption algorithm and syntax as the GENSPRINGPWD utility in OpenEdge 12.

For more information, see Generate encrypted passwords with GENSPRINGPWD.

OpenEdge collection: New and Revised Features for OpenEdge 11.7.6: Version 11.7.6 20

(21)

Updated EncodePassword utility for the Classic

AppServer

In OpenEdge 11.7.6, the EncodePassword utility has been updated and requires different configuration steps from the previous versions of OpenEdge.

For more information, see:

Set hashed and salted passwords using EncodePassword on page 21

Encrypt a password shared by REST Management Agent and REST web application on page 22

Set hashed and salted passwords using EncodePassword

Progress Software recommends that you use the EncodePassword utility to generate encrypted passwords. You can add user accounts with hashed and salted passwords in the users.properties file.

EncodePassword is only available for REST Web applications developed in OpenEdge 11.4 or later releases For more information on adding user accounts, see Adding and modifying a user. For more information on hash and salt, refer to the hash and salt cryptography references online.

To use the EncodePassword utility to implement hash user passwords for a REST web application, myApplication:

1. Navigate to the WEB-INF directory of the REST web application, myApplication:

CD path-to\Progress\OpenEdge\servers\tomcat\webapps\myApplication\WEB-INF\

2. Execute EncodePassword located in the REST Web application specifying the the desired password to be encrypted, newpassword:

EncodePassword -A bcrypt -P newpassword

You receive the following output:

appSecurity bcrypt password:

$2a$10$z1U2TV4csxAGRbZEeFeOounDhy65RTAmM9k7QJb6txz8XUIYg8spC OERM oech1 password : 3e373837333620243f202b

The encoded password for the user, newuser, is

$2a$10$z1U2TV4csxAGRbZEeFeOounDhy65RTAmM9k7QJb6txz8XUIYg8spC. This example uses the bcrypt algorithm to hash the password string.

The EncodePassword utility generates another password, 3e373837333620243f202b, using the OpenEdge encryption algorithm, oech1, for encrypting the shared password used between the OpenEdge REST Management Agent and the OpenEdge REST web applications. For more information on where and how to use and encrypt a password, see Encrypt a password shared by REST Management Agent and REST web application on page 22.

3. Open the security configuration file you chose in Choosing and applying a security configuration and uncomment the code snippet that implements password hashing in REST Web application.

(22)

For example, assume that you are using the Basic security configuration, appSecurity-basic-local.xml. Do the following:

1. Navigate to and uncomment the code snippet in bold in appSecurity-basic-local.xml:

<authentication-manager id="RestApplicationtAuth" <authentication-provider>

<password-encoder ref="noopEncoder" />

<!-- Uncomment following and comment above password encoder to add strong password encoder users.properties (bcrypt password) use EncodePassword for the same

<password-encoder ref="bcryptEncoder" /> -->

<user-service properties="/WEB-INF/users.properties" /> </authentication-provider>

</authentication-manager>

After uncommenting, the code snippet must look as follows:

<authentication-manager id="RestApplicationtAuth" <authentication-provider> <!-- <password-encoder ref="noopEncoder" /> --> <password-encoder ref="bcryptEncoder" > </password-encoder> <user-service properties="/WEB-INF/users.properties" /> </authentication-provider> </authentication-manager>

2. Save the security configuration file.

4. Add the new user, newuser, and the encoded password you generated in Step 2, to the users.properties file by appending the following line of code to it:

newuser=$2a$10$z1U2TV4csxAGRbZEeFeOounDhy65RTAmM9k7QJb6txz8XUIYg8spC,ROLE_PSCAdmin,enabled

In this example, you assigned the existing ROLE_PSCAdmin role to the user, newuser, and enabled newuser to work with the REST Management Agent.

Note: The users.properties file cannot store plain text and encoded passwords. Therefore, before adding a new user with an encoded password, you must ensure that all the other users have encoded passwords.

5. Save and close the users.properties file.

Encrypt a password shared by REST Management Agent and REST

web application

The REST Management Agent uses the /adapterman URI to communicate with REST Web applications. The /adapterman URI is to be used only in OpenEdge as a cross-context communication port. For security, the /adapterman URI has its own security configuration that comprises a shared password used between the OpenEdge REST Management Agent and OpenEdge REST Web applications.

OpenEdge collection: New and Revised Features for OpenEdge 11.7.6: Version 11.7.6 22

(23)

In a production environment, the /adapterman URI is secured with the shared password. The password does not have to be modified as it is consumed by the OpenEdge REST Management Agent and OpenEdge REST web application. However, as part of advanced security measures for the REST web application, you can encrypt the shared password.

To encrypt the shared password, do the following:

1. Generate a hashed and salted password for a REST Web application user using the EncodePassword utility. The utility provides two passwords, one for the REST Web application user, and another for the REST Management Agent.

For more information on generating hashed passwords, see Set hashed and salted passwords using EncodePassword on page 21.

For example, if the EncodePassword utility gives the following output when generating a password for a user:

appSecurity bcrypt password:

$2a$10$z1U2TV4csxAGRbZEeFeOounDhy65RTAmM9k7QJb6txz8XUIYg8spC OERM oech1 password: 3e373837333620243f202b

The password, 3e373837333620243f202b, generated using the OpenEdge encryption algorithm, oech1, is required for encrypting the shared password used between the OpenEdge REST Management Agent and the OpenEdge REST Web applications.

2. Open the web.xml file in the REST Management Agent in a text editor, look for the following code snippet:

<context-param> <param-name>adaptermanID</param-name> <param-value>C62384a0F1516B00</param-value> </context-param> <context-param> <param-name>adaptermanSecret</param-name> <param-value>1f177e7600202027731f2e293322362174</param-value> </context-param>

Replace the param-value of adaptermanID with the new user name and adaptermanSecret with new oech1 encoded password. Extending the example discussed in Step 1, you must make changes, as highlighted: <context-param> <param-name>adaptermanID</param-name> <param-value>newuser</param-value> </context-param> <context-param> <param-name>adaptermanSecret</param-name> <param-value>3e373837333620243f202b</param-value> </context-param>

3. Open the security configuration file, appSecurity-xxxx.xml, of your REST Web application and uncomment the code snippet to implement password hashing in it.

Extending the example discussed in Step 1, if you are using the security configuration, appSecurity-anonymous.xml, for your REST Web application. Do the following:

(24)

a. Find the <authentication-manager id="RestManagerAuth" > code snippet and make the updates highlighted and the encryption algorithm employed by default is bcryptEncoder and the newly generated user name (in this case, newuser) and password (in this case, newuser):

<!-- REST Manager access -->

<authentication-manager id="RestManagerAuth" > <authentication-provider> <password-encoder ref="bcryptEncoder" /> <user-service> <user name="newuser" password=" $2a$10$z1U2TV4csxAGRbZEeFeOounDhy65RTAmM9k7QJb6txz8XUIYg8spC" authorities="ROLE_PSCAdapter" /> </user-service> </authentication-provider> </authentication-manager>

b. Save the security configuration file.

4. Restart the web server, and then re-enable the deployed REST web application.

OpenEdge collection: New and Revised Features for OpenEdge 11.7.6: Version 11.7.6 24

References

Download now ( PDF - 24 Page - 135.21 KB )

Related documents

Pacific Application Server for OpenEdge: Getting Started. Progress OpenEdge 11.5 Workshop

 Pacific Application Server for OpenEdge brings OpenEdge AppServer functionality.. into

Optimal Tariffs with FDI: The Evidence

We provided a theoretical model based off of Blanchard (2010) along with theoretical intuition by Cole and Davies (2011) and Ellingsen and W¨ arneryd (1999) that predicts the

8-hydroxyquinoline-modified clay incorporated in an epoxy coating for the corrosion protection of carbon steel

showing similar barrier properties. From the impedance data, the complex capacitance diagrams can be obtained to determine the dielectric constant of the epoxy coatings as a

OpenEdge Research & Development Group April 2015

counterfeit fraud, so merchants processing cards using EMV-enabled card readers and using proper procedures are not liable for losses if counterfeit cards are used..

Next Generation Rainfall Data 1. Brian C. Hoblit (1), David C. Curtis, Ph.D. (2)

Table 3 shows the summary of the basin average rainfall comparison between the rain gages using Thiessen polygon weighting and the estimates using the gage-adjusted radar rainfall

PROGRESS OPENEDGE PRO2 DATA REPLICATION

The Pro2 replication suite makes replicating data from Progress to SQL Server and Oracle easy while minimizing risks and reducing

Telerik: Develop Experiences

Mobile device HTML5 JavaScript CSS OpenEdge JSDO HTML5 browser HTML5 JavaScript CSS OpenEdge JSDO HTML5 JavaScript CSS OE JSDO Mobile App Web App GET HTTP(S)

The End of the Road: Joseph Furphy and Tom Collins in Western Australia

Furphy’s last home, the cottage he built, was given by Sam Furphy to the Western Australian branch of the Federation of Australian Writers (FAWWA); he then established a