TIBCO ActiveMatrix BusinessWorks Service Engine 5.10.0, TIB_amx_3.2.0_hotfix007, is now available.
Article ID: KB0104510
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix BusinessWorks Service Engine | - |
| Not Applicable | - |
Description
Description:
The patch can be downloaded from the TIBCO Support ftp server, support-ftp.tibco.com. Please use your eSupport username and password to access the server. After connecting, go to /available_downloads/ActiveMatrix/BusinessWorksServiceEngine/5.10.0/TIB_amx_3.2.0_hotfix007/ to download the appropriate hotfix for your OS/platform.
This hotfix applies to TIBCO ActiveMatrix BusinessWorks Service Engine 5.10.0
with hotfix-01 and above
Closed Issues in 3.2.0_hotfix007 (This Release)
This hotfix contain fixes that apply to the following types of installations:
- Administration
- Runtime Host
- TIBCO Business Studio
AMRP-4712
Messages are no longer delivered repeatedly to error queue in case of Mediation timeout.
AMRP-4759
The SystemNode no longer hangs and gets stuck in Starting state during an
upgrade. This occurred because the node was prematurely processing the RDA
command before the RDA command file was written to disk. The node no longer
prematurely reads the RDA command file to prevent this issue.
BJMS-1561
If the temporary reply destination on the service side is invalid, the JMS binding
reply delivery no longer goes into an infinite loop.
BJMS-1562
Requests with multiple operations are no longer intermittently routed to
incorrect operations.
DSS-808
An incorrect signature is no longer chosen for the authenticated principle when a
message has both valid sender-vouches and holder-of-key signatures.
DSS-822
Kerberos-authenticated security context is now correctly propagated across
virtualized bindings
PER-1793/PER-1908
Now there is more information available related PER-1908 that was fixed in
3.2.0_hotfix006. See below for information on configuring the appearance
of Nonce and Created elements in the UsernameToken element when a Basic
Credential Mapping or WS-Security Credential Mapping policy was used to insert a
UsernameToken in a SOAP security header.
With closed issue PER-1793 in 3.2.0_hotfix002, the Nonce and Created elements
always appeared in the UsernameToken element. With closed issue PER-1908
in 3.2.0_hotfix006, the Nonce and Created elements can be disabled.
You can disable the Nonce and Created elements by copying the template below and
modifying the parameters appropriately. See the Policy Sets, Policy Templates
Reference section in the Composite Development guide for TIBCO ActiveMatrix (R)
Service Grid or TIBCO ActiveMatrix Service Bus for more information about
configuring policy sets.
The sample Basic Credential Mapping policy below generates the UsernameToken
without the Nonce and Created elements.
<?xml version="1.0" encoding="UTF-8"?>
<ep:policySetContainer xmlns:ep="
http://xsd.tns.tibco.com/amf/models/externalpolicy"
xmlns:sca="http://www.osoa.org/xmlns/sca/1.0"
xmlns:scaext="http://xsd.tns.tibco.com/amf/models/sca/extensions"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wssp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0
.xsd"
xmlns:tpa="http://xsd.tns.tibco.com/governance/policy/action/2009"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:tpc="http://xsd.tns.tibco.com/governance/policy/common/2009"
xmlns:jmsbt="http://xsd.tns.tibco.com/amf/models/sca/bindingtype/jms"
xmlns:soapbt="http://xsd.tns.tibco.com/amf/models/sca/binding/soap"
xmlns:webapp="
http://xsd.tns.tibco.com/amf/models/sca/implementationtype/webapp"
targetNamespace="http://www.example.org">
<!-- add the policy sets here -->
<sca:policySet name="CredentialMappingUsernameToken"
provides="scaext:clientAuthentication.usernameToken"
appliesTo="soapbt:binding.soap.service">
<wsp:Policy template="tpt:WssConsumer" xmlns:tpt="
http://xsd.tns.tibco.com/governance/policy/template/2009">
<wsp:All>
<wsp:Policy>
<wsp:All>
<tpa:CredentialMapping>
<tpa:Fixed>
<wssp:UsernameToken>
<wsse:Username>schalla</wsse:Username>
<wsse:Password>password</wsse:Password>
</wssp:UsernameToken>
<tpa:IdentityProvider
ResourceInstance="IdPasswordProvider" />
</tpa:Fixed>
<wssp:SupportingTokens>
<wssp:UsernameToken>
<tpa:NoNonce/>
</wssp:UsernameToken>
</wssp:SupportingTokens>
</tpa:CredentialMapping>
</wsp:All>
</wsp:Policy>
</wsp:All>
</wsp:Policy>
</sca:policySet>
</ep:policySetContainer>
SDS-6797
TIBCO Business Studio can now be used with Oracle Java Runtime Environment 1.7.
When importing projects from ActiveMatrix 3.2.0 or 3.1.X for the first time,
an error will be reported but a Quickfix ("JAR file incompatible with JRE/JDK
1.7 due to containing entries with empty name") will be available to repair the
offending JAR file(s).
SDS-6926
If TIBCO Business Studio fails to start after upgrading the Oracle Java Runtime
Environment to 1.7 on a Windows 64-bit system, the following steps can be
taken to correct it:
1. Open a terminal window and change to:
"<TIBCO_HOME>\studio\3.6\eclipse"
2. Make backup copies of the following files:
- amx_eclipse_ant.tra
- TIBCOBusinessStudio.ini
3. Edit the same files (amx_eclipse_ant.tra and TIBCOBusinessStudio.ini) and
change all references of "bin/client/jvm.dll" to "bin/javaw.exe".
TAP-12454
Upgrading an application twice no longer results in a NullPointerException.
TAP-12779
Upgrading an application no longer fails if the user is not granted the
"Create Resource Template" permission. New resource templates are imported
while upgrading an application, provided the user is granted
'Create Resource Template' permission. Warnings are displayed for the
Application upgrade if there are new resource templates in a DAA but
the user had not been granted the permission.
In addition, existing resource templates are no longer overwritten with
those from the DAA, while upgrading an application.
TAP-12837
Deleting a node no longer fails with an integrity constraint violation
error that manifests with the error: "ConstraintViolationException:
could not delete: RequiredCapability#179".
TAP-12892
The configuration property "User Attribute with Group Names" of the LDAP Authentication
resource template is now saved and applied correctly.
Note: If the 'User has groups' option is selected in LDAPAuthentication Resource Template,
you must escape commas when specifying group names in the configuration field "Roles" which
is under ?Governance -> Governance Control? of type ?Authorization by Role? in TIBCO ActiveMatrix
Policy Director. For example: CN=Managers\,OU=Groups\,O=Company.
TAP-12928
The Messaging Bus configuration can now be changed for an environment after
upgrading from TIBCO ActiveMatrix version 3.1.5 to version 3.2.0. While this
change can be normally done from Admin UI, you may see an error while viewing
the Messaging Bus configuration from the UI (this error occurs in a few cases
after the upgrade). If you have this situation, you must perform the change from
an Admin CLI script. After running the CLI script once successfully, subsequent
changes can be done from the Admin UI as the display error will no longer occur.
To change the Messaging Bus configuration from Admin CLI, the high-level steps are:
A. Gather Messaging Bus configuration details from a node log.
B. Specify the messaging bus configuration details in the CLI script - environment_data.xml.
C. Execute the CLI script to update the Messaging Bus.
Below are the detailed steps:
1. Pick any Node in the environment whose messaging bus configuration you wish to change.
On the Node's machine, locate the node's log file in the path:
<CONFIG_HOME>/tibcohost/<TH_INSTANCE>/data_3.2.x/nodes/<NODE>/logs/<NODE>.log
2. Search for the latest occurrence of the following text in the log file:
"java:tibco.admin.default.messagingBus_XA_NonSSL_<ENVIRONMENT> ************"
Or if your EMS is SSL-enabled, search for:
"java:tibco.admin.default.messagingBus_XA_SSL_<ENVIRONMENT> ************"
Example sections are shown below, for both SSL and non-SSL configurations.
You will need to copy certain data from these sections later.
name = ************ java:tibco.admin.default.messagingBus_XA_NonSSL_LogisticsEnvironment ************
resourceAdapterName = svxa.rar
resourceAdapter = svxa.rar
registered = true
bundle = amx.tibcohost.sharedresource.tibco.admin.default.messagingBus_XA_NonSSL_LogisticsEnvironm entLogisticsNode_Two_1.0.0 [405]
state = RUNNING
interfaceType = com.tibco.amf.sharedresource.runtime.core.sv.ems.XAConnectionFactory
references = java:tibco.admin.default.messagingBus_XA_NonSSL_LogisticsEnvironment_passwordCredentialProvider
attributes =
maxOutboundSessionPoolSize = 24
passwordCredentialProvider = java:tibco.admin.default.messagingBus_XA_NonSSL_LogisticsEnvironment_passwordCredentialProvider
maxConnectionPoolSize = 12
reconnectAttemptCount = 30
serverUrl = tcp://localhost:7222
reconnectAttemptDelay = 500
name = ************ java:tibco.admin.default.messagingBus_XA_SSL_LogisticsEnvironment ************
resourceAdapterName = svxa.rar
resourceAdapter = svxa.rar
registered = true
bundle = amx.tibcohost.sharedresource.tibco.admin.default.messagingBus_XA_SSL_LogisticsEnvironmentLogisticsNode_Two_1.0.0 [412]
state = RUNNING
interfaceType = com.tibco.amf.sharedresource.runtime.core.sv.ems.SslXAConnectionFactory
references = java:messageBusSSLProvider
attributes =
maxOutboundSessionPoolSize = 24
maxConnectionPoolSize = 12
clientIdentity = java:messageBusSSLProvider
reconnectAttemptCount = 600
serverUrl = ssl://localhost:7223
reconnectAttemptDelay = 500
3. Change your current directory to <CONFIG_HOME>/admin/dev-enterprise/samples
4. Modify the sample environment_data.xml file with the values gathered from step 1, replacing each {value} represented below.
Non-SSL example data.xml:
<Environment xsi:type="amxdata:Environment" name="<ENVIRONMENT>">
<MessagingBus emsServerURL="{serverUrl}" emsConnectionUsername="<USERNAME>" emsConnectionPassword="<PASSWORD>" outboundSessionPoolSize="{maxOutboundSessionPoolSize}" connectionPoolSize="{maxConnectionPoolSize}" emsReconnectAttemptCount="{reconnectAttemptCount}" emsReconnectAttemptDelay="{reconnectAttemptDelay}"/>
</Environment>
SSL example data.xml:
<Environment xsi:type="amxdata:Environment" name="<ENVIRONMENT>">
<MessagingBus sslEmsServerUrl ="{serverUrl}" emsConnectionUsername="<USERNAME>" emsConnectionPassword="<PASSWORD>" sslClientProvider="{clientIdentity_without_java:_prefix}" outboundSessionPoolSize="{maxOutboundSessionPoolSize}" connectionPoolSize="{maxConnectionPoolSize}" emsReconnectAttemptCount="{reconnectAttemptCount}" emsReconnectAttemptDelay="{reconnectAttemptDelay}"/>
</Environment>
Note that the <USERNAME> and <PASSWORD> is not logged in the node's log file. You must know the
credentials and enter them in this file. <PASSWORD> can be an encrypted value, obtained using the obfuscate_build.xml script.
5. Run the following ant command:
ant -f environment_build.xml setMessagingBus
TAP-12938
TIBCO Policy Director with TIBCO BusinessWorks governance agent no longer
fails to enforce Username Token Authentication because of incorrect
admin_default_keystore URL.
TRUP-364
Publishing to a UDDI registry where bindings are distributed across multiple nodes no longer
results in an exception.
================================================================================
Closed Issues in 3.2.0_hotfix006
AMRP-4649
InvalidTransactionException no longer occurs during the processing of the reply
message when a component that requires a global transaction has a reference that
is virtualized; the transaction is now properly suspended on the request thread
and resumed on the reply thread.
PER-1908
The Nonce and Created elements can now be optionally added when a Basic
Credential Mapping or WSS Credential Mapping policy is used to insert a
UsernameToken in the SOAP security header.
PER-1913
SOAP requests that have a signed SAML token with bearer confirmation method are
now validated correctly.
================================================================================
Closed Issues in 3.2.0_hotfix005
AMX-13875
Installing the hotfix on top of TIBCO BusinessWorks Service Engine installed
with SOA Development profile (Design-time), no longer results in the warning
"ANT Task: Installing TIBCO Business Studio using p2 provisioning has failed".
This issue was introduced with HF-003.
MED-3266
For a one-way MEP operation, invoke tasks on the fault path no longer
fail, and tasks after the invoke task are now processed.
WSBT-828
The "Endpoint URI" field defined in the SOAP Binding with HTTP Transport now may
contain a single token or no token at all, for example, "/sample" or "/".
================================================================================
Closed Issues in 3.2.0_hotfix004
CL-2639
An integrity constraint violation error in the SystemNode.log no longer occurs
when an application uses a log service or payload service created using provided
scripts.
CL-2640
The provided scripts for creating additional log service and payload service
applications no longer fail while installing resource instances.
PER-1786
The Authorization policy template now allows comma separated values in the role
attribute.
TAP-11591
"Force Uninstall" of resource instances no longer fails when applications are
using them.
TAP-11854
Undeploying an application no longer fails with the error "deleted object would
be re-saved by cascade" when Action History shows "In Progress."
TRUP-354
ActiveMatrix services are now published correctly in the registry of TIBCO
ActiveMatrix Lifecycle Governance Registry Foundation.
================================================================================
Closed issues in 3.2.0_hotfix003
AMX-12816
After installing this hotfix on TIBCO ActiveMatrix Administrator SystemNode or
other runtime nodes with Platform Hotfix-001 or Hotfix-002 already installed,
the Hotfix-002 issue fixes will now be in place.
AMX-12817
After installing this hotfix on TIBCO Business Studio with Platform Hotfix-001
or Hotfix-002 already installed, you can now configure a service or r
Environment
Issue/Introduction
Feedback
