Saturday, December 3, 2016

Installing Nginx in MAC OS

You can easily install Nginx with Homebrew and visit the site through


  • Install brew.
          Command: /usr/bin/ruby -e "$(curl -fsSL             

          you can take the command from the brew site and past it in the terminal.
  • Then give the brew command.
           Command :brew
  • Update The brew.    
          Command :brew update  
  • Install the Nginx with brew.
           Command :brew install nginx
  • After install the Nginx run it by
           Command :sudo nginx


       Test the Nginx by going through the http://localhost:8080


       Default place of nginx.conf is on Mac after install with the brew is

       You can change the default 8080 to 80. First you need to stop the server, if its already running.
        sudo nginx -s stop
        vim /usr/local/etc/nginx/nginx.conf

        server {
        listen       8080;
        server_name  localhost;

         #access_log  logs/host.access.log  main;

         location / {
         root   html;
         index  index.html index.htm;
        server {
        listen       80;
        server_name  localhost;

        #access_log  logs/host.access.log  main;

        location / {
        root   html;
        index  index.html index.htm;

Sunday, November 20, 2016

Installing Tomcat 8.5 on macOS 10.12 Sierra

Prerequisite: Java

First we need need to make sure Java is installed by this command javac in terminal.
If its already installed it would get following

Hasunie-MacBook-Pro:bin hasunie$ javac
Usage: javac <options> <source files>
where possible options include:
  -g                         Generate all debugging info
  -g:none                    Generate no debugging info
  -g:{lines,vars,source}     Generate only some debugging info
  -nowarn                    Generate no warnings
  -verbose                   Output messages about what the compiler is doing
  -deprecation               Output source locations where deprecated APIs are used
  -classpath <path>          Specify where to find user class files and annotation processors
  -cp <path>                 Specify where to find user class files and annotation processors
  -sourcepath <path>         Specify where to find input source files
  -bootclasspath <path>      Override location of bootstrap class files
  -extdirs <dirs>            Override location of installed extensions
  -endorseddirs <dirs>       Override location of endorsed standards path
  -proc:{none,only}          Control whether annotation processing and/or compilation is done.
  -processor <class1>[,<class2>,<class3>...] Names of the annotation processors to run; bypasses default discovery process
  -processorpath <path>      Specify where to find annotation processors
  -d <directory>             Specify where to place generated class files
  -s <directory>             Specify where to place generated source files
  -implicit:{none,class}     Specify whether or not to generate class files for implicitly referenced files
  -encoding <encoding>       Specify character encoding used by source files
  -source <release>          Provide source compatibility with specified release
  -target <release>          Generate class files for specific VM version
  -version                   Version information
  -help                      Print a synopsis of standard options
  -Akey[=value]              Options to pass to annotation processors
  -X                         Print a synopsis of nonstandard options
  -J<flag>                   Pass <flag> directly to the runtime system
  -Werror                    Terminate compilation if warnings occur

  @<filename>                Read options and filenames from file

If Its not Installed:
As I’m writing this, Java 1.8.0_101 is the latest version, available for download here:
The JDK installer package come in an dmg and installs easily on the Mac; and after opening the Terminal app again,
java -version
Now shows something like this:
Hasunie-MacBook-Pro:bin hasunie$ java -version
java version "1.7.0_79"
Java(TM) SE Runtime Environment (build 1.7.0_79-b15)
Java HotSpot(TM) 64-Bit Server VM (build 24.79-b02, mixed mode)

Note : My java version is still idk 1.7
JAVA_HOME is an important environment variable, not just for Tomcat, and it’s important to get it right. Here is a trick that allows me to keep the environment variable current, even after a Java was installed. In ~/.bash_profile, I set the variable like so:
export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.7.0_79.jdk/Contents/Home
export PATH=$JAVA_HOME/bin:$PATH

Installing Tomcat:
Here are the easy to follow steps to get it up and running on your Mac
  1. Download a binary distribution of the core module: apache-tomcat-8.5.5.tar.gz from here. I picked the tar.gz in Binary Distributions / Core section.
  2. Opening/unarchiving the archive will create a folder structure in your Downloads folder: (btw, this free Unarchiver app is perfect for all kinds of compressed files and superior to the built-in Archive
  3. Open to Terminal app to move the unarchived distribution to /usr/local
    sudo mkdir -p /usr/local
    sudo mv ~/Downloads/apache-tomcat-8.5.5 /usr/local
  4. To make it easy to replace this release with future releases, we are going to create a symbolic link that we are going to use when referring to Tomcat (after removing the old link, you might have from installing a previous version):
    sudo rm -f /Library/Tomcat
    sudo ln -s /usr/local/apache-tomcat-8.5.5 /Library/Tomcat
  5. Change ownership of the /Library/Tomcat folder hierarchy:
    sudo chown -R <your_username> /Library/Tomcat
  6. Make all scripts executable:
    sudo chmod +x /Library/Tomcat/bin/*.sh

  1. After the 1 st Step Rename the apache-tomcat-8.5.5 to Tomcat and copy it inside to the /Library  folder
  2. Start the server by giving
     Hasunie-MacBook-Pro:bin hasunie$ /Library/Tomcat/bin/
Using CATALINA_BASE:   /Library/Tomcat
Using CATALINA_HOME:   /Library/Tomcat
Using CATALINA_TMPDIR: /Library/Tomcat/temp
Using JRE_HOME:        /Library/Java/JavaVirtualMachines/jdk1.7.0_79.jdk/Contents/Home
Using CLASSPATH:       /Library/Tomcat/bin/bootstrap.jar:/Library/Tomcat/bin/tomcat-juli.jar
Tomcat started.
       3.Then you could be able to see the tomcat home page from


Friday, July 1, 2016

Reporting critical events of the user's Android device via wso2 EMM

When managing devices the administrator must be notified of events occurring on the user's devices that reduce the effectiveness and efficiency of the tasks performed by a device, so that he/she can take immediate action and correct it. For example, if a cooperate application is utilizing a high CPU or memory percentage, you as the admin can stop that application from running or uninstall and re-install the application again on the user's device.

In WSO2 EMM all such events are captured and published to WSO2 Data Analytics Server (WSO2 DAS).

Android agent is capable of sending out critical events to WSO2 DAS server and new event listeners can be plugged in to the Android agent.
you can go through  here to get more detail.
In this section lets take a look the behavior of this feature.

1. Configure the EMM server to enable event publishing in wso2 DAS.
2. Create stream and receiver to publish events in WSo2 DAS.
1. First you need to enroll the android device in WSo2 EMM server.
2. How to trigger the alert.
3. retrieve the published events.
5. Curl command
    i.  Publish event.
    ii. Retrieve the published events.

Configure the EMM server to enable event publishing in wso2 DAS.

1. Download the WSo2 DAS from here
2. Since wso2 EMM server and wso2 DAS server is starting up in same time,port conflict issue might be occurred, so Port offset WSO2 DAS by 1 and start the server. There are two ways to set an offset to a port
  • Pass the port offset to the server during startup. The following command starts the server with the default port incremented by 1.
         ./ -DportOffset=1
  • Set the Ports section of the <EMM_HOME>/repository/conf/carbon.xml file as follows: <Offset>1</Offset>
    Once you have port offset start WSO2 DAS using the following command.

3. Configure the device-analytics-config.xml file that is in the <EMM_HOME>/repository/conf/etc directory.

    Enable the settings by assigning true as the value within the <Enabled> tag.

    ReceiverServerURL: The URL must be in the protocol://hostname:port format. Since you port offset WSO2 DAS, make sure to update the port accordingly.
    Example: tcp://localhost:7611 if you have not port offset and tcp://localhost:7611+n if you have port offset by n.

    AdminUsername: Provide the administrator username. The default username is admin.
    AdminPassword: Provide the password of the administrator. The default password is admin.

4.  Configure the <EMM_HOME>/repository/conf/analytics/analytics-data-config.xml file to specify the data service access mode and the URL.There three types of access modes.

  • LOCAL    -  The Analytics API only accesses the AnalyticsDataServices OSGI service within itself.
  • REMOTE - The Analytics API only accesses the AnalyticsDataServices OSGI service in a remote instance. This mode is suitable when the node is a light weight node and does not contain an AnalyticsDataServices OSGi service
  • AUTO       - This is the default mode.
    The Analytics API of a DAS server node always has access to a AnalyticsDataServices OSgi service that exists within that same server node. At the same time, the same API can be used to change the mode and connect to a remote instance. This is done by setting the connection mode to Auto which allows the connection mode to be switched between LOCAL and REMOTE depending on the availability of the required AnalyticsDataServices OSgi service.
Create stream and receiver to publish events in WSo2 DAS. 
1. Create Event stream to define the data format of the streaming data.
2. Create Stream Receiver to binding stream to stores.
otherwise use carbonapp to deploy the artifact directly.

Curl command:
 i. Publish Event.
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 892ce0b71d30b2d5cf2c1b10806df382" -k -d '{ "deviceIdentifier": "353863072233137", "payload": "{\"packageName\":\"org.wso2.emm.agent\",\"state\":\"created\"}", "type": "APPLICATION_STATE" }' -v

POST /mdm-android-agent/events/ HTTP/1.1
User-Agent: curl/7.35.0
Accept: */*
Content-Type: application/json
Authorization: Bearer 892ce0b71d30b2d5cf2c1b10806df382
Content-Length: 147
upload completely sent off: 147 out of 147 bytes

HTTP/1.1 200 OK
Date: Thu, 05 May 2016 10:50:18 GMT
Content-Type: application/json
Content-Length: 51
Server WSO2 Carbon Server is not blacklisted
Server: WSO2 Carbon Server
Connection #0 to host left intact

{"responseCode":"Event is published successfully."}

ii. Getting Event detail of given device.

 curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 5747a79c4ec8d7445aa622463031d299" -k -v

 GET /mdm-android-agent/events/353863072233137 HTTP/1.1
User-Agent: curl/7.35.0
Accept: */*
Content-Type: application/json
Authorization: Bearer 5747a79c4ec8d7445aa622463031d299

HTTP/1.1 200 OK
Date: Thu, 05 May 2016 11:27:44 GMT
Content-Type: application/json
Content-Length: 216
Server WSO2 Carbon Server is not blacklisted
Server: WSO2 Carbon Server
Connection #0 to host left intact

iii. Getting specific type of given device.

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 5747a79c4ec8d7445aa622463031d299" -k -v


GET /mdm-android-agent/events/353863072233137/type/APPLICATION_STATE HTTP/1.1
User-Agent: curl/7.35.0
Accept: */*
Content-Type: application/json
Authorization: Bearer 5747a79c4ec8d7445aa622463031d299

HTTP/1.1 200 OK
Date: Thu, 05 May 2016 11:46:59 GMT
Content-Type: application/json
Content-Length: 431
Server WSO2 Carbon Server is not blacklisted
Server: WSO2 Carbon Server

Connection #0 to host left intact

 iv. Getting event detail for given time period.

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer 5747a79c4ec8d7445aa622463031d299" -k -v 


GET /mdm-android-agent/events/352317052330505?from=1462108907&to=1462108930 HTTP/1.1
Host: localhost:9443
User-Agent: curl/7.43.0
Accept: */*
Content-Type: application/json
Authorization: Bearer ee189258cea79c86d7656235f30e231d

HTTP/1.1 200 OK
Date: Sun, 01 May 2016 05:55:56 GMT
Content-Type: application/json
Content-Length: 476
Server: WSO2 Carbon Server

Sunday, May 8, 2016

Install Apache spark in standalone mode on Ubuntu

In this post explain about detail steps to setup Apache spark spark-1.6.1 in ubuntu 14.04

  1. Install Java
  2. Install Scala
  3. Install Git
  4. build spark
Install Java

For running spark on a machine, need to install java.Use following command to easily  install the java in Ubuntu machine.

Check the Java version,to convince it has been installed successfully.
It shows installed java version as following
java version "1.7.0_79"
Java(TM) SE Runtime Environment (build 1.7.0_79-b15)
Java HotSpot(TM) 64-Bit Server VM (build 24.79-b02, mixed mode)

Install Scala
In next step is install Scala, follow the following instructions to set up Scala. First download the Scala from here

Copy downloaded file to some location for example /urs/local/src, untar the file and set path variable, 

And add following in the end of the file
restart bashrc
To check the Scala is installed successfully
It shows installed Scala version Scala code runner version 2.10.4 -- Copyright 2002-2013, LAMP/EPFL

Then type just scala to goes interactive shell.

Install Git 
Install git since spark build depends on git

Build Spark 
Download the  Spark distribution from here


SBT(Simple Build Tool) is used for building Spark, which is bundled with it. To compile the code
Building take some time. After successfully packing you can test a sample program

Then you get the output as Pi is roughly 3.14634. Spark is ready to fire

Thursday, April 21, 2016

Windows Device Support in WSO2 EMM 2.0.0

WSO2 Enterprise Mobility Manager (EMM) is a unique solution designed to specifically address the mobile enterprise needs.EMM includes of two key aspects: Mobile Device Management (MDM) and Mobile Application Management (MAM). WSO2 EMM also supports single sign-on (SSO) and multi-tenancy.
EMM enables organizations to secure, manage and monitor Android, iOS and Windows powered devices (e.g., smart phones, ipod touch devices and tablet PCs), irrespective of the mobile operator, service provider, or the organization.
The administrator can create policies in EMM and define the device management rules that must be applied on devices. When employees register their devices with EMM, the applicable policy rules (e.g., enabling the phone lock, disabling the camera.) will be enforced on their devices.

Windows device management is supported since wso2 emm 2.0.0. Now we can go through the entire message flow of the windows device registration process.

 Proxy redirection configurations:

RewriteCond %{REQUEST_METHOD} ^(GET)$
RewriteRule ^/EnrollmentServer/Discovery.svc http://[serverIP]:port/mdm-windows-agent/services/discovery/get [P,L]
 RewriteCond %{REQUEST_METHOD} ^(POST)$
RewriteRule ^/EnrollmentServer/Discovery.svc http://[serverIP]:port/mdm-windows-agent/services/discovery/post [P,L]

ProxyPass /ENROLLMENTSERVER/PolicyEnrollmentWebservice.svc http://
ProxyPassReverse /ENROLLMENTSERVER/PolicyEnrollmentWebservice.svc http://

ProxyPass /ENROLLMENTSERVER/DeviceEnrollmentWebservice.svc http://
ProxyPassReverse /ENROLLMENTSERVER/DeviceEnrollmentWebservice.svc http://

ProxyPass /Syncml/initialquery http://
ProxyPassReverse /Syncml/initialquery http://

ProxyPass /emm-web-agent http://
ProxyPassReverse /emm-web-agent http://

Windows devices are enrolled through the inbuild/system application(Workplace app). User  can reach the  workplace app through  the Settings/workplace app in windows 8.1/8.
Existing user needs to signing via his mail address just like a above example.Then Device discovery service get the mail address and create the discovery request according to the above message flow diagram.The email address is provided in the following format: <user>@<EMAIL_DOMAIN>.
Device: Discovery Service
The automatic discovery service of the device uses the following fields and constructs a unique URI:
  • Append the subdomain enterpriseenrollment.
  • Extracts and append the domain from the username, i.e <EMAIL_DOMAIN>, that was submitted when signing in.
  • Append the path /EnrollmentServer/Discovery.svc
Example request URI for the mail address :

Since EMM server hasn't provided that kind of endpoints(/EnrollmentServer/Discovery.svc),Uses a proxy server(Apache2) to redirect the service calls.Following proxy pass configuration for the discovery endpoint redirection:


These proxy configuration mappings are thoroughly depicted in here

First get request(.../mdm-windows-agent/services/discovery/get) check the server availability and provide success(200) response and then proxy direct a post request(..../mdm-windows-agent/services/discovery/post) to the server side discovery endpoint.

 Server : Discovery Server endpoint

Once the POST request is received to the discovery endpoint,Following endpoints(proxy endpoints) are attached to the response body and send it to the device. 
1.  Authentication Policy.(Federated)
2. Proxy endpoint for the Enrollment policy. (/ENROLLMENTSERVER/PolicyEnrollmentWebservice.svc)
3. Proxy endpoint for the Enrollment Service. (/ENROLLMENTSERVER/DeviceEnrollmentWebservice.svc)
4.  Proxy endpoint for the Windows login page. (/emm-web-agent)
The device requests the login page through the received proxy endpoint URL. Then proxy server redirect this request according to following mapping.

ProxyPass  /emm-web-agent 

The emm broker page is rendered by the server end.

Server : Web Authentication Broker
Windows Phone 8.1 adds the support of a Federated as supported AuthPolicy value. When authentication policy is set to be Federated, Web Authentication Broker (WAB) will be leveraged by the enrollment client to get a security token. The WAB start page URL is provided by the discovery service in the response
Proxy endpoint for the Windows login page). The enrollment client will call the WAB API within the response message to start the WAB process. WAB pages are server hosted web pages. The server should build those pages to fit the phone screen nicely and be as consistent as possible to other builds in the MDM enrollment UI. The opaque security token that is returned from WAB as an endpage will be used by the enrollment client as the device security secret during the client certificate enrollment request call(XCEP and WSTEP calls(described in later)).
The enrollment client(Windows device) issues an HTTPS request as follows:
AuthenticationServiceUrl?appru=<appid>&login_hint=<User Principal Name> 

<appid> is of the form ms-app://string
<User Principal Name> is the name of the enrolling user, for example, as inputted by the user in an enrollment sign in page. The value of this attribute serves as a hint that can be used by the authentication server as part of the authentication. 

After authentication is complete, Web authentication broker must take the binary security token for the specific user from the BST(Binery security token) endpoint and sent it back to the Device. 
The auth server SHOULD return an HTML form document with a POST method action of appid identified in the query string parameter. For example: 

function formSubmit() {
<!-- appid below in post command must be same as appid in previous client https request. -
<form method="post" action="ms-app://appid">
<p><input type="hidden" name="wresult" value="token value"/></p>
<input type="submit"/>

Server : License agent 
 load the license according to the device type.
Device : Certificate Client
Then the certificate client send the request with the BST(Binary security token.) 
Client needs to get the certificate policy from the server endpoint.Since earlier Server provide the proxy endpoint for EnrollmentPolicy URL.

Example Proxy mapping:

ProxyPass /ENROLLMENTSERVER/PolicyEnrollmentWebservice.svc

Server: XCEP Server Endpoint
This XCEP web service implements the X.509 Certificate Enrollment Policy Protocol (MS-XCEP) specification that allows customizing certificate enrollment to match different security needs of enterprises at different times (cryptographic agility). The service processes the GetPolicies message from the client, authenticates the client, and returns matching enrollment policies in the GetPoliciesResponse message.

After the user is authenticated, the web service retrieves the certificate template that the user should enroll with and creates enrollment policies based on the certificate template properties .

Client send the certificate signing request according to policy template which given by the XCEP endpoint.
Discovery endpoint provided related proxy endpoint.Proxy server redirect to WSTEP endpoint.

Proxy mapping:
ProxyPass /ENROLLMENTSERVER/DeviceEnrollmentWebservice.svc 

Server: WSTEP Server Endpoint
This web service implements the MS-WSTEP protocol. It processes the RequestSecurityToken (RST) message from the client, authenticates the client using Binary security token which have provided earlier. requests the certificate from the CA, and returns it in the RequestSecurityTokenResponse (RSTR) to the client.Besides the issued certificate, the response also contains configurations needed to provision the DM client.

Other configurations for the Device management client:
  • Server certificate
  • Signed certificate
  • Server credentials
  • Client credentials
  • Next server endpoint to be initiate DM Client provisioning session.(
 Proxy mapping:
ProxyPass /Syncml/initialquery

Device: Device Management Client
DMClient send the initial syncml(xml) request which contains device initial details to be persist in server side. 

Server: Syncml Server Endpoint
Take the sycml response and parse it and persist the initial details and handle device management scenarios.

Sunday, April 10, 2016

Apache proxy configurations for windows

Apache proxy configurations for windows

Http apache2 server can be configured in both forward proxy,reverse proxy and also known as gateway mode.Proxy is intermediate between client and server,Client send request to the server,but actually that request receive to the proxy server and it gets the request and redirect it to the original server.and get the content from the server and response back to the client as behaving original target endpoint.

In here client only knows number1 indicating area.Server only knows the number2 indicating area.

First of all we need to configure the apache2 server to behave as a proxy(gateway mode.)
These configurations are depend on OS platform.Earlier I described that how to configure the apache proxy in linux environment.Now We can see how to configure in windows environment.

1. Download the Apache server from
2. Open httpd.conf in "Apache_home\conf"
3. Uncomment below lines in 'httpd.conf' (Search for mod_proxy)

LoadModule proxy_module modules/
LoadModule proxy_ajp_module modules/
LoadModule proxy_http_module modules/

4. Add below lines at the end of the file 'httpd.conf' for Proxy passing

ProxyPass <proxyname> <endpointURL>

ProxyPass "/foo" ""  
ProxyPassReverse "/foo" ""

5. Restart the Server.