X-PUSH operation is set using the $XPUSH_HOME/conf/xpush_config.xml file. It is recommended to use most values as they were at the time of deployment.
After changing the settings, the X-PUSH server must be restarted for the changes to take effect.
Other detailed settings not described below can be checked through XPUSH Detailed Settings.
Web Push Settings
Push settings for WEB Client are as follows.
Attribute | Description |
|---|---|
ServerBindAddress | Webpush Address default : 0.0.0.0 |
Port | Webpush port default : 10080 |
IsHttps | Whether to use HTTPS. Set it to true to use it. To use HTTPS, an SSL certificate must be set. |
<service name="WebPublisher" ...> ... <attribute name="ServerBindAddress">0.0.0.0</attribute> <attribute name="Port">10080</attribute> <attribute name="IsHttps">true</attribute> ... </service>
Runtime Push Settings
Push settings for Runtime Client are as follows.
Attribute | Description |
|---|---|
ServerBindAddress | RuntimePush Address default : 0.0.0.0 |
Port | RuntimePush port default : 10081 |
IsSSL | Whether to use SSL. Set it to true to use it. To use SSL, an SSL certificate must be set. |
<service name="RuntimePublisher" ...> ... <attribute name="ServerBindAddress">0.0.0.0</attribute> <attribute name="Port">10081</attribute> <attribute name="IsSSL">true</attribute> ... </service>
Message Provisioning Settings
Detailed settings for Message Provider are as follows.
Attribute | Description |
|---|---|
ServerBindAddress | Message Provider Address default : 0.0.0.0 |
Port | Message Provider port default : 10082 |
IsSSL | Whether to use SSL. Set it to true to use it. To use SSL, CertificateService must be set. |
<service name="Provider" ...> ... <attribute name="ServerBindAddress">0.0.0.0</attribute> <attribute name="Port">10082</attribute> <attribute name="IsSSL">false</attribute> ... </service>
Monitoring Settings
Console Monitoring
Detailed settings for Monitoring are as follows.
Attribute | Description |
|---|---|
ServerBindAddress | Message Provider Address default : 0.0.0.0 |
Port | Message Provider port default : 10083 |
<service name="PushMonitor" ...> ... <attribute name="ServerBindAddress">0.0.0.0</attribute> <attribute name="Port">10083</attribute> ... </service>
JMX
There are 4 JMX settings in the X-PUSH server.
The 4 items are as follows.
Attribute | Description |
|---|---|
IsJMX | Whether to use JMX (default: false) |
IsJMXpassword | Whether to use Password (default: false) |
JMXrmiRegistryPort | JMX registry Port (default : 10085) |
JMXrmiServerPort | JMX server Port (default 10086) |
2 files are required to use JMXpassword. These 2 files should be located in the XPUSH_HOME/conf/ directory.
The 2 files are jmxremote.password and jmxremote.access and they are in the same format as jmxremote.access and jmxremote.password in the JAVA_HOME/jre/lib/management/ folder.
X-PUSH’s JMX follows JAVA’s JMX regulations.
http://www.oracle.com/technetwork/java/javase/tech/javamanagement-140525.html
The following is an example of JMX settings.
<service name="Publisher"> ... <attribute name="IsJMX">ture</attribute> <attribute name="IsJMXpassword">true</attribute> <attribute name="JMXrmiRegistryPort">10085</attribute> <attribute name="JMXrmiServerPort">10086</attribute> ... </service>
JMXrmiRegistryPort and JMXrmiServerPort must be set to obtain JMX information.
System information such as CPU, Process, Memory, Swap, and Network can be checked in the JMX item.
Attribute | Description |
|---|---|
IsSystemMonitor | Whether to use System Monitor (default: false) |
<service name="Publisher"> ... <attribute name="IsSystemMonitor">true</attribute> ... </service>
DB Connection Settings
DB connection can be controlled through DBCP Service.
DBCP Service: Service to manage database connection Pool
Attribute | Description |
|---|---|
username | User ID for accessing the database. |
password | User password for accessing the database. |
connectUri | URI for database to be accessed. |
jdbcClassName | Class Name for JDBC to be accessed. |
maxActive | Maximum number of connections that can be simultaneously used in the service. |
maxIdle | Maximum number of idle state connections that can be maintained in the connection pool. |
minIdle | Minimum number of idle state connections that can be maintained in the connection pool. |
maxWait | If the number of connections being used in the connection pool is at maxActive, the wait time will be as specified under maxWait. An error will be generated if no free connections are available even after the specified maxWait time. |
validationQuery | The SQL query that will be used to validate connections from this pool before returning them to the caller. If specified, this query MUST be an SQL SELECT statement that returns at least one row. |
testOnBorrow | Running test when getting a connection from Pool |
testOnReturn | Running test when returning a connection to Pool |
testWhileIdle | Whether to run a test on the idle connection in Pool |
timeBetweenEvictionRunsMillis | The interval at which Evictor thread runs Evictor thread running is disabled when -1 |
numTestsPerEvictionRun | Testing number of a connection in the pool |
minEvictableIdleTimeMillis | Connection removing time by checking the idle time of connection |
UserInfoEncryptorClassName | Class name that encrypts/decrypts DB access account information DB |
isEncrypted | True if DB access account is encrypted and false otherwise |
Please refer to the Apache Commons DBCP site for more information.
http://commons.apache.org/proper/commons-dbcp/configuration.html
<service name="DbcpService">
<attribute name="username">sa</attribute>
<attribute name="password"></attribute>
<attribute name="connectUri">jdbc:h2:tcp://localhost/~/test</attribute>
<attribute name="jdbcClassName">org.h2.Driver</attribute>
<attribute name="maxActive">10</attribute>
<attribute name="maxIdle">0</attribute>
<attribute name="minIdle">5</attribute>
<attribute name="maxWait">-1</attribute>
<attribute name="validationQuery">select 1 from dual</attribute>
<attribute name="testOnBorrow">true</attribute>
<attribute name="testOnReturn">false</attribute>
<attribute name="testWhileIdle">false</attribute>
<attribute name="timeBetweenEvictionRunsMillis">-1</attribute>
<attribute name="numTestsPerEvictionRun">3</attribute>
<attribute name="minEvictableIdleTimeMillis">1800000</attribute>
<attribute name="UserInfoEncryptorClassName">com.nexacro.xpush.crypto.XPushPBEStringEncryptor</attribute>
<attribute name="isEncrypted">false</attribute>
<depends>Log</depends>
</service>DB Connection of X-PUSH server is made through DBCP and jdbc.jar file suitable for DB is required. For example, in the case of Oracle, the ojdbc-version.jar file must be added to the $XPUSH_HOME/lib folder.
ConnectUri item can be used in the format below (Oracle Net connection descriptor) without any parsing errors. Log settings
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=xxx.xx.xx.xxx)(PORT=xxxx))(ADDRESS=(PROTOCOL=TCP)(HOST=xxx.xx.xx.xxx)(PORT=xxxx)))(FAILOVER=ON)(LOAD_BALANCE=ON)(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=PKICC)))
Log Settings
X-PUSH leaves a log to a file and a log is also displayed on the console separately. Files and consoles can be set up separately.
Log Level
Logs are left according to 4 levels. Each level has priority value and its meaning is as follows.
Level | Priority | Description |
|---|---|---|
DEBUG | 40 | Information to identify server tests or other malfunctions |
TRACE | 30 | Information to look at details of the operation |
INFO | 20 | Server operation information |
WARN | 10 | Information on situations or exception that can be ignored |
ERROR | 0 | Errors affecting operation |
The priority value is the value used when setting the log level.
To change the level of console log, modify the attribute value of "PriorityRange" in the "ConsoleLogger" service in the "Log" service. To change the level of the file log, modify the attribute value of "PriorityRange" in the "FileLogger" service in the "Log" service.
The default settings are both '0:20' at the time of deployment, and this means that it will output a level from the priority value of 0 to 20. If you want to exclude INFO from the log, modify it as '0:10'.
<service name="Log"> ... <depends> <service name="ConsoleLogger"> ... <attribute name="PriorityRange">0:10</attribute> ... </service> </depends> ... <depends> <service name="FileLogger"> ... <attribute name="PriorityRange">0:40</attribute> ... </service> </depends> </service>
If TRACE or DEBUG is included in the output range, the amount of log increases considerably and performance may be affected. It is recommended to change the setting to INFO in the actual operating environment.
Log File Settings
Log file related settings are made in the "FileLogWriter" service.
<service name="FileLogWriter"> <attribute name="LogPath">log</attribute> <attribute name="LogFile">xpush.log</attribute> <attribute name="Encoding">utf-8</attribute> <attribute name="Append">true</attribute> <attribute name="MaximumFileSize">100000000</attribute> <attribute name="MaxBackupIndex">100</attribute> <attribute name="BufferedIO">false</attribute> </service>
The meaning of each attribute is as follows.
Attribute | Meaning | Possible Value |
|---|---|---|
LogPath | Location where the log files will be generated. It can be set as a relative or absolute path. In the case of a relative path, $XPUSH_HOME is the standard. To set as an absolute path, it must start with "/" like "/var", or driver name such as "d:\" in Windows. | |
LogFile | A file name where the log will be recorded. %INDEX% of the file name means the number to be used for log rotation. | |
Encoding | Sets the encoding of the string to be used when outputting to a file. | "UTF-8" |
Append | Specifies whether to add to the existing log file and output when starting the server. In the case of "false", the existing file is deleted and outputted. The default value at the time of deployment is true. | "true" "false" |
BufferedIO | Specifies whether to use a buffer when outputting to a file. The default value at the time of deployment is false. | "true" "false" |
X-PUSH Status Log File Settings
The information that can monitor the current status of X-PUSH is recorded as a file.
<service name="MonitorLogWriter">
<attribute name="IsRecord">false</attribute>
<attribute name="LogPath">log\status</attribute>
<attribute name="LogFile">xpush.status</attribute>
<attribute name="DatePattern">'.'yyyy-MM-dd</attribute>
<attribute name="Encoding">utf-8</attribute>
<attribute name="Append">true</attribute>
<attribute name="BufferedIO">false</attribute>
<attribute name="RecordingPeriod">5000</attribute>
<attribute name="PushMonitorServiceName">#PushMonitor</attribute>
</service>The meaning of each attribute is as follows.
Attribute | Meaning | Possible Value |
|---|---|---|
IsRecord | Specifies whether to record to the log file. It is recorded only when true and the default is false. | |
LogPath | Location where the log files will be generated. It can be set as a relative or absolute path. In the case of a relative path, $XPUSH_HOME is the standard. To set as an absolute path, it must start with "/" like "/var", or driver name such as "d:\" in Windows. | |
LogFile | A file name where the log will be recorded. %INDEX% of the file name means the number to be used for log rotation. | |
DatePattern | An extension format of log files recorded every day. When the date changes, the name of the log file is automatically changed. The extension is set to the corresponding DatePattern after the existing file. | |
Encoding | Sets the encoding of the string to be used when outputting to a file. | "UTF-8" |
Append | Specifies whether to add to the existing log file and output when starting the server. In the case of "false", the existing file is overwritten. The default value at the time of deployment is true. | "true" |
BufferedIO | Specifies whether to use a buffer when outputting to a file. The default value at the time of deployment is false. | "true", "false" |
RecordingPeriod | Time to record to file. The unit is MilliSecond(ms) and the default value at the time of deployment is 5000. | Number |
Clustering Settings
Each X-PUSH server is treated as a separate node when running multiple servers, and messages can be shared by connecting with each other.
The corresponding settings must be modified in "xpush_config.xml" for each service.
X-PUSH Server uses the Hazelcast service to transmit messages between each X-PUSH node.
The following four settings are available for the Hazelcast service.
Attribute | Description |
|---|---|
portAutoIncrement | This setting enables/disables the auto-increment function for the port numbers assigned to each Hazelcast service. default : false |
port | Default port number used for the Hazelcast service. default : 10087 |
joinTcpipEnable | Set whether to connect with other X-PUSH nodes via TCP/IP. default : false |
joinTcpipMember | Information for the X-PUSH nodes to be connected. ex) 127.0.0.1:10087 |
The following is an example of setting up three X-PUSH Servers via the Hazelcast service. The port number is set to "10087" without automatically increasing the value. It's also set to connect to another X-PUSH Server using the address "192.168.1.1" via TCP/IP.
X-PUSH #1 ip : 192.168.1.1 <service name=" HazelcastService" ... > ... <attribute name="portAutoIncrement">false</attribute> <attribute name="port">10087</attribute> <attribute name="joinTcpipEnable">true</attribute> <attribute name="joinTcpipMember" type = "java.lang.String[]"> 192.168.1.2:10087, 192.168.1.3:10087 </attribute> </service>
X-PUSH #2 ip : 192.168.1.2 <service name=" HazelcastService" ... > ... <attribute name="portAutoIncrement">false</attribute> <attribute name="port">10087</attribute> <attribute name="joinTcpipEnable">true</attribute> <attribute name="joinTcpipMember" type = "java.lang.String[]"> 192.168.1.1:10087, 192.168.1.3:10087 </attribute> </service>
X-PUSH #3 ip : 192.168.1.3 <service name=" HazelcastService" ... > ... <attribute name="portAutoIncrement">false</attribute> <attribute name="port">10087</attribute> <attribute name="joinTcpipEnable">true</attribute> <attribute name="joinTcpipMember" type = "java.lang.String[]"> 192.168.1.1:10087, 192.168.1.2:10087 </attribute> </service>
For node setting, even if multiple PUSH servers are connected to only one location, the entire connection is made.
When configuring clustering, you must set it with the static IP.
User Authentication Settings
X-PUSH server requests the external authenticator to authenticate each of 3 connections (Client, Provider, Monitor). The class must be set in the configuration file after implementing each authenticator that implements the Authenticator interface to load the corresponding class and request authentication when authentication is required.
As there are 3 access methods, 3 authenticators are required.
Client Authentication
<service name="MiPlatformProtocolReliabilityAuthenticator" ...> <attribute name="AuthenticatorClassName"> com.nexacro.xpush.fw.service.auth.UserPropertiesReliabilityAuthenticator </attribute> </service>
In the case of client authentication, it is set as UserPropertiesReliabilityAuthenticator class and all users are allowed to connect.
Provider Authentication
<service name="SocketProviderProtocolAuthenticator" ..> <attribute name="AuthenticatorClassName"> com.nexacro.xpush.fw.service.auth.UserProfileDummyAuthenticator </attribute> </service>
In the case of provider authentication, it is set as UserProfileDummyAuthenticator class and all users are allowed to connect.
Monitor Authentication
The authenticator for Admin or monitor access can be checked in the attribute values below.
"MonitorProtocol" service > "depends" element > "MonitorProtocolAuthenticator" service > "AuthenticatorClassName" attribute value
<service name="MonitorProtocol">
...
<depends>
<service name="MonitorProtocolAuthenticator">
<attribute name="AuthenticatorClassName">
com.nexacro.xpush.fw.service.auth.UserPropertiesEncryptAuthenticator
</attribute>
</service>
</depends>
...
</service>In the case of monitor authentication, it is set as UserPropertiesEncryptAuthenticator class and the id and pw of the $XPUSH_HOME/conf/user.properties file is referred.
Class Name | Description |
|---|---|
DummyAuthenticator | All users are allowed to access |
UserPropertiesAuthenticator | Users registered in $XPUSH_HOME/conf/user.properties file are allowed |
UserPropertiesEncryptAuthenticator | Users with encrypted values registered in $XPUSH_HOME/conf/user.properties file are allowed |
UserPropertiesAuthenticator authenticates using the /conf/user.properties file. Users not registered in user.properties will fail to log in after generating AuthenticateException.
User setting method is "User ID"="User PASSWORD".
UserPropertiesEncryptAuthenticator class can perform user authentication by entering an encrypted password in $XPUSH_HOME/conf/user.properties.
Please refer to the user.properties password encryption for more information on password encryption.
Please refer to the Authenticator Development item for other details.
Mobile Notification Settings
X-PUSH server provides mobile notification service with 2 platforms, APNs and FCM. Each service can be used by modifying setting items in xpush_config.xml. Also, notifications to be delivered can be customized using NotificationFormatter.
When the X-PUSH server sends Notification, it searches DeviceToken of Offline User stored in DB. In the X-PUSH server, 1 User can request Notification from n or more Devices. However, when multiple Users use 1 Device, only the last registered User is activated and a Notification is sent.
NotificationBuilder Service
In the Notification Builder service, you can specify the number of error codes to be updated or saved at once in the T_Notification table.
Attribute | Description |
|---|---|
InsertBatchAtOnceCount | It is the number of executing Insert Batch to DB for N number of the inquired mobile device at once. |
UpdateHandlerBatchAtOnceCount | It is the number of executing Update Batch to DB with the data from the Update queue at once. |
UpdateHandlerProcessingAtOnceCount | It is the number of responses received from APNS and FCM from the accumulated queue. |
NotificationFormatterName | It is the class that specifies the message format before sending a notification. |
The following is an example of Notification Builder Service settings. It inserts N number of inquired devices by 1,000 at a time, fetches from the queue where responses from Apns/FCM are accumulated by 1,000 at a time, and updates the corresponding columns by 100.
<service name="NotificationBuilderServcice" ... > <attribute name="insertBatchAtOnceCount">1000</attribute> <attribute name="UpdateHandlerBatchAtOnceCount">100</attribute> <attribute name="UpdateHandlerProcessingAtOnceCount">1000</attribute> <attribute name="NotificationFormatterName"> com.nexacro.xpush.service.notification.NotificationFormatterPropertiesImpl </attribute> .... </service>
NotificationFormatterPropertiesImpl class loads $XPUSH_HOME/conf/notification.properties file and specifies the title and body of the notification. X-PUSH server must be restarted if the title and body are to be reset.
NotificationFormatter class specifies a message before sending a message notification.
Please refer to Notification Formatter Development for more details.
NotificationAttributeCommon Service
It is a service that defines common attributes for notifications including FCM and APNS.
Attribute | Description |
|---|---|
IsMultiAppWithProjectID | An attribute for whether to use Notification for N number of mobile app along with ProjectID. (default = true) |
badge | If the 'badge' item is set to true, the number of unreceived messages that the client should receive is set in Notification and sent. |
IsBadgeOnlyStateZero | Only messages with message_state of 0 are displayed in Badge. |
retries | It is the number of retransmissions. |
The following is the setting for NotificationAttributeCommonService. IsMultiAppWithProjectID is set to true, the badge is set to be displayed only for messages with message_satete of 0, and the number of retransmission attempts is set to 3 when there is an internal server error.
<service name="NotificationAttributeCommonService" ...> <attribute name="IsMultiAppWithProjectID">true</attribute> <attribute name="badge">true</attribute> <attribute name="IsBadgeOnlyStateZero">true</attribute> <attribute name="retries">3</attribute> </service>
APNs (Apple Push Notification Service)
Apns MultiApp Service
If IsMultiAppWithProjectID is set to true, processing for N or more mobile apps can be performed.
Configuring ApnsInfo Service
In the ApnsInfo service, the N number of apps per project can be set. The service name can be configured accordingly by the user. For example, the TOBESOFT_1 project and the TOBESOFT_2 project may contain information about the mobile apps contained in each. Attributes have the following 2 setting items.
Attribute | Description |
|---|---|
ProjectID | The project name can be set. |
AppInfo | N number of apps can be configured via Apns certificate. The Bundle ID of the certificate is set as a key value, and path, password, type, and production are set as List-type values. [CFBundleURLName]=[KeystorePath],[KeystorePassword],[KeystoreType],[production] ex) com.abc.def=C:\tmp\apns2.p12,123456,PKCS12,false, |
Please refer to the Apple Developer Support site for instructions on the APNs certificate.
The APNs certificate must be renewed annually.
The following is an example of the ApnsInfo Service setting. The service is configured with each APNS_INFO_TOBESOFT_1, APNS_INFO_TOBESOFT_2 names, and the project name and APNS App information have been added.
<service name="APNS_INFO_TOBESOFT_1" code="com.nexacro.xpush.service.notification.InfoApnsWithProjectIDService" instance="singleton" management="false">
<attribute name="ProjectID">TOBESOFT_1</attribute>
<attribute name="AppInfo" type ="java.util.HashMap">
com.nexacro.apns=C:\tmp\apns.p12,12345,PKCS12,false,
com.nexacro.apns2=C:\tmp\apns2.p12,12345,PKCS12,false,
</attribute>
</service>
<service name="APNS_INFO_TOBESOFT_2" code="com.nexacro.xpush.service.notification.InfoApnsWithProjectIDService" instance="singleton" management="false">
<attribute name="ProjectID">TOBESOFT_2</attribute>
<attribute name="AppInfo" type ="java.util.HashMap">
com.nexacro.apns3=C:\tmp\apns3.p12,12345,PKCS12,false,
</attribute>
</service>Please be careful not to duplicate the ProjectID of the service.
Apns Notifier Service
APNs Notifier Service has 8 setting items as follows.
Attribute | Description |
|---|---|
ApnsInfo | A service list of Apns app information matching the project. |
ApnsConnectorName | It can be specified in the format of #Service_Name. |
feedbackService | An interface for connection with the Apns server. |
sound | It must be set as com.nexacro.xpush.service.notification.connector.XPushApnsConnector. |
retries | Specifies whether to activate Feedback Service when sending a message each time. |
ApnsProviderThreadPoolCount | Sets the notification sound. |
failOver | The number of retransmission attempts. |
The following is an example of APNs Notifier Service setting. 2 ApnsInfo services are configured and settings for other attributes are specified.
<service name="ApnsNotifierService" ... >
...
<attribute name="ApnsInfo">
#APNS_INFO_TOBESOFT_1
#APNS_INFO_TOBESOFT_2
</attribute>
<attribute name="ApnsConnectorName">com.nexacro.xpush.service.notification.connector.XPushApnsConnector</attribute>
...
<attribute name="sound">default</attribute>
<attribute name="feedbackService">true</attribute>
<attribute name="ApnsHandlerThreadPoolCount">1</attribute>
<attribute name="failOver">true</attribute>
...
</service>epending on JDK, errors may be generated when Notifications are delivered to APNs. In this case, it can be solved by converting the certificate format from PKCS12 to JKS format. Please refer to the link below for how to convert.
When using a firewall, connection to the APNs server must be allowed.
URL :
Sandbox server: gateway.sandbox.push.apple.com
Production server: gateway.push.apple.com
Port : 2195
URL :
feedback Sandbox server: feedback.sandbox.push.apple.com
feedback Production server: feedback.push.apple.com
Port : 2196
The connection can be checked with telnet
ex) telnet gateway.push.apple.com 2195
How to check firewall and DNS server in Linux
nc -v gateway.push.apple.com 2195
When allowing the connection, it must be set as a URL, not IP.
FCM (Firebase Colud Messageing)
FCM MultiApp Service
If IsMultiAppWithProjectID is set to true, processing for N or more FCM projects can be performed.
Configuring FCMInfo Service
In the FCMInfo service, the N number of FCM projects per 1 project can be set. The service name can be configured accordingly by the user. For example, the TOBESOFT_1 project and the TOBESOFT_2 project may contain information about the FCM projects contained in each. Attributes have the following 2 setting items.
Attribute | Description |
|---|---|
ProjectID | The project name can be set. |
ApiKey | API Key to use for authentication when accessing FCM. |
SendID | Sender ID of the FCM server. |
ApiKey must be entered as the server key (either the server key or the previous server key) in the cloud message tab. (It is recommended to use the server key rather than the previous server key.)
When using a firewall, connection to the GCM server must be allowed.
URL : https://fcm.googleapis.com/fcm/send
Port : 443, 5228, 5229, 5230
The connection can be checked with telnet
ex) telnet fcm.googleapis.com 443
How to check firewall and DNS server in Linux
nc -v fcm.googleapis.com 443
When allowing the connection, it must be set as a URL, not IP.
The following is an example of the FcmInfo Service setting. The service is configured of each FCM_INFO_TOBESOFT_1, FCM_INFO_TOBESOFT_2 names, and the project name and FCM server information have been added.
<service name="FCM_INFO_TOBESOFT_1" code="com.nexacro.xpush.service.notification.InfoFcmWithProjectIDService" instance="singleton" management="false"> <attribute name="ProjectID">TOBESOFT_1</attribute> <attribute name="SendID">78965651</attribute> <attribute name="ApiKey">ASDGKMXEGE73RSGXE</attribute> </service> <service name="FCM_INFO_TOBESOFT_2" code="com.nexacro.xpush.service.notification.InfoFcmWithProjectIDService" instance="singleton" management="false"> <attribute name="ProjectID">TOBESOFT_2</attribute> <attribute name="SendID">34215651</attribute> <attribute name="ApiKey">GRSDLCDMSPRSC2TK</attribute> </service>
Please be careful not to duplicate the ProjectID of the service and FCM server information.
GCM Notifier Service
GCM Notifier Service is used when sending Notification from X-PUSH server to FCM.
GCM Notifier Service has 6 setting items as follows.
Protocol Service Name | Description |
|---|---|
FcmInfo | A service list of Fcm server information matching the project. It can be specified in the format of #Service_Name. |
GcmConnectorName | An interface for connection with FCM server. It must be set as com.nexacro.xpush.service.notification.connector.GcmHttpConnector. |
GcmProviderThreadPoolCount | The number of threads in the Gcm Provider thread pool It sets the number of threads in the thread pool considering the processing ability of Connection and Send to send Notification to FCM Server. |
FailOver | Specifies whether to process exception processing when Notification transmission fails. |
The following is an example of the GCM Notifier Service setting. 2 GcmInfo services are configured and settings for other attributes are specified.
<service name="GcmNotifierService" ... >
...
<attribute name="FcmInfo">
#FCM_INFO_TOBESOFT_1
#FCM_INFO_TOBESOFT_2
</attribute>
<attribute name="GcmConnectorName">com.nexacro.xpush.service.notification.connector.GcmHttpConnector</attribute>
<attribute name="FailOver">true</attribute>
</service>Scheduling Settings
Attribute | Description |
|---|---|
type="java.lang.String" |
Minute (0-59) Hour (0-23) Date (1-31) Month (1-12) Day of the week (0-6) |
<service name=" CronTabScheduleService "> ... <argument type="java.lang.String"> 0 0 1 * * </argument> <!-- Delete messages at 00:00 on the 1st of every month --> ... </service>
Delete received messages
<invoke name="add">
<!-- Delete messages at 00:00 on the 1st of every month -->
<argument type="java.lang.String">0 0 1 * *</argument>
<argument type="it.sauronsoftware.cron4j.Task">
<object code="com.nexacro.xpush.service.schedule.DeleteMessageTask">
<attribute name="dbcpService">
<service-ref>#DbcpService</service-ref>
</attribute>
</object>
</argument>
</invoke>Delete expired messages
<invoke name="add">
<!-- Delete messages that expire at 00:00 every day of every month -->
<argument type="java.lang.String">0 0 * * *</argument>
<argument type="it.sauronsoftware.cron4j.Task">
<object code="com.nexacro.xpush.service.schedule.DeleteExpiredMessageTask">
<attribute name="dbcpService">
<service-ref>#DbcpService</service-ref>
</attribute>
</object>
</argument>
</invoke>Delete expired notifications
<invoke name="add">
<!-- Delete notifications that expire at 00:00 on Sundays -->
<argument type="java.lang.String">0 0 * * *</argument>
<argument type="it.sauronsoftware.cron4j.Task">
<object code="com.nexacro.xpush.service.schedule.DeleteExpiredNotificationTask">
<attribute name="dbcpService">
<service-ref>#DbcpService</service-ref>
</attribute>
</object>
</argument>
</invoke>nnect to Apns feedback service and update the device token that received a response
<invoke name="add">
<!-- Activate feedback service and update device token at 00:00 every day -->
<argument type="java.lang.String">0 0 * * *</argument>
<argument type="it.sauronsoftware.cron4j.Task">
<object code="com.nexacro.xpush.service.schedule.ApnsFeedbackServiceTask">
<attribute name="dbcpService">
<service-ref>#DbcpService</service-ref>
</attribute>
<attribute name="apnsNotifierService">
<service-ref>#ApnsNotifierService</service-ref>
</attribute>
</object>
</argument>
</invoke>Please refer to the item for more details.
SSL Certificate Settings
X-PUSH server uses SSL for encrypted communication.
Attribute | Description |
|---|---|
Path | SSL certificate location |
Password | SSL server key |
IsEncrypted | Whether to use encryption |
<service name="CertificateService"> <attribute name="Path">C:/xpush-2.8.0/conf/cacao.tobesoft.co.kr.jks</attribute> <attribute name="Password">1234567890</attribute> <attribute name="IsEncrypted">false</attribute> <attribute name="CertificatesPasswordEncryptorClassName">com.nexacro.xpush.crypto.XPushPBEStringEncryptor</attribute> </service>
The certificate setting is the SSL certificate setting.
The practical application is to change IsHttps in WebPublisher and IsSSL in RuntimePublisher, Provider to true.
<attribute name="IsHttps">true</attribute>
<attribute name="IsSSL">true</attribute>
To use an SSL certificate, jks file format is required. If it is difficult to get an official SSL issued, you can get a Self-signed Certificate issued with OpenSSL and test it.
You can check whether it is an SSL certificate that is certified by an official authority in the browser.
Encryption Settings
A function to encrypt security-sensitive information is provided.
3 encryptions are available: DB access account encryption, SSL password encryption, and password encryption in user.properties.
The encryption key must be used identically for encryption
It is recommended to use the key set internally in X-PUSH.
run_dbcp_userinfo_encrypt.sh run_ssl_encrypt.sh password run_property_encrypt.sh password
SSL Certificate Information Encryption
CertificateService provides an encryption function of information that may be security-sensitive among the certificate information set as follows. line-height:normal">For the encryption, the password item must be encrypted in the following items.
The encryption/decryption of account information is performed through the class set in CertificatesPasswordEncryptorClassName among the above items. The encrypted password information can be obtained by using the script provided in the package. Accordingly, the isEncrtypt item and Password item must be set manually. If the isEncrypted item is true when running X-PUSH, the password information is decrypted and set in the certificate.
CertificatesPasswordEncryptorClassName | Class name that encrypts/decrypts the certificate password |
isEncrypted | True if the certificate password is encrypted and false otherwise. |
Encryption
line-height:normal">The run_ssl_encrypt script (.sh, .bat) included in the X-PUSH package is used for SSL certificate information encryption. line-height:normal">The script file is located in the bin/ directory.
run_ssl_encrypt.sh password xpush
For scripts as above, encryption is performed using the string called xpush as an encryption key. The encryption value below can be obtained when the script is run.
D:\xpush-3.0.0\bin>run_ssl_encrypt.bat 1234567890 xpush encrypt : TJOLf/d8YRvcJSSG+d0JgwX0vbdwhr1T39TmPmVaKj4=
The encrypted password and isEncrypted attributes must be manually set to true.
The xpush_config.xml file located in the conf/ directory must be modified as follows.
<service name="CertificateService"> <attribute name="Path">C:/xpush-2.6.7/conf/cacao.tobesoft.co.kr.jks</attribute> <attribute name="Password">QhJoZx1QQ03Km+u2Sk63tsvu6o3cX9OeP/t3ZImwLtg=</attribute> <attribute name="IsEncrypted">true</attribute> <attribute name="CertificatesPasswordEncryptorClassName">com.nexacro.xpush.crypto.XPushPBEStringEncryptor</attribute> </service>
If the encryption key is not passed as a parameter when running the run_ssl_encrypt script, the default encryption key internally set in X-PUSH is used and this applies the same to decryption as well.
The basically available encryption key is up to 7 characters.
This is due to the JDK’s restriction on the use of encryption modules, so if you want to use more than 7 characters for an encryption key, you must set the JCE Unlimited Strength Jurisdiction Policy File in JDK.
Decryption
For SSL/HTTPS client connection after running X-PUSH, the encryption key used for encryption must be passed as a parameter when running X-PUSH. X-PUSH sets the certificate by decrypting the password with the encryption key passed as a parameter.
startup.sh xpush
If the user encryption key is not used but the key set internally in X-PUSH is used, there is no parameter.
startup.sh
Error in the Case of Failure
It occurs when the encryption key required for encryption is not set or when the wrong password is set. If the set key is not decrypted or if X-PUSH is run by encrypting the password incorrectly and connected to SSL certified client, the following error will occur.
DB Account Information Encryption
DbcpService provides encryption of account information that may be security-sensitive among DB access information set as follows. In the case of encryption, the username and password items among the following items are encrypted.
<service name="DbcpService"> <attribute name="username">xpush</attribute> <attribute name="password">xpush</attribute> <attribute name="connectUri">jdbc:h2:tcp://localhost/~/test</attribute> <attribute name="jdbcClassName">org.h2.Driver</attribute> ... <attribute name="UserInfoEncryptorClassName">com.nexacro.xpush.crypto.XPushPBEStringEncryptor</attribute> <attribute name="isEncrypted">false</attribute> ... </service>
The encryption/decryption of account information is performed through the class set in UserInfoEncryptorClassName among the above items. When encryption is performed using the script provided in the package, the isEncrypted item is automatically set to true. If the setting is changed or encrypted for other reasons and the isEncrypted item is false, it must be changed to true. If the isEncrypted item is true when X-PUSH is started, the account information is decrypted to access DB.
UserInfoEncryptorClassName | Class name that encrypts/decrypts the DB access account information |
isEncrypted | True if the DB access account is encrypted and false otherwise. |
Encryption
The run_dbcp_userinfo_encrypt script (.sh, .bat) included in the X-PUSH package is used for DB account information encryption. The script file is located in the bin/ directory.
run_dbcp_userinfo_encrypt.sh xpush
For scripts as above, encryption is performed using the string called xpush as an encryption key. The username and password items are encrypted as below when the script is run and the isEncrypted item is changed to true.
run_dbcp_userinfo_encrypt.sh
When the script is run as above, encryption is performed using the encryption key set internally in X-PUSH. When the script is run, the username and password items are encrypted as below and the isEncrypted item is changed to true.
<service name="DbcpService"> <attribute name="username">Va3n7cU3aaB/JSqhfQNBBo7UUejPmBjHY//8iLxo80Mv+w1TTDKUv8yPQfpdkRnORrYcBDRugEDi4jfcn6zpmQ==</attribute> <attribute name="password">VRibE8jCKPKDFpA+RZ7rLsfau3Uc5JSRfctCg5yZx9czByNzGFOWNOhxgKBcVDRuadP6NsMuJ7zRK0TLKwK1jQ==</attribute> <attribute name="connectUri">jdbc:h2:tcp://localhost/~/test</attribute> <attribute name="jdbcClassName">org.h2.Driver</attribute> ... <attribute name="UserInfoEncryptorClassName">com.nexacro.xpush.crypto.XPushPBEStringEncryptor</attribute> <attribute name="isEncrypted">true</attribute> ... </service>
If the encryption key is not passed as a parameter when running the script, the default encryption key internally set in X-PUSH is used and this applies to decryption as well.
By default, available encryption key is up to 7 characters.
This is due to the JDK’s restriction on the use of encryption modules, so if you want to use more than 7 characters for an encryption key, you must set the JCE Unlimited Strength Jurisdiction Policy File in JDK
SHA256 and 256BITAES methods are mixed and used for the encryption algorithm.
Decryption
In order to access the DB with encrypted account information when running X-PUSH, the encryption key used for encryption must be passed as a parameter when running X-PUSH. X-PUSH accesses the DB by decrypting the account information with the encryption key passed as a parameter
startup.sh xpush
When running by passing the encryption key as a parameter, only when the log level is DEBUG, whether encryption is applied can be checked with the isEncrypted item value. It does not output the decrypted account information other than that and in normal cases, the log indicating that the DB connection was successful can be checked.
[DEBUG] DBCPService Attribute isEncrypted=true [INFO] Check Database Connection : OK [INFO] Check All Tables : OK
If the user encryption key is not used but the key set internally in X-PUSH is used, there is no parameter.
startup.sh
Error Log in the Case of Failure
It occurs when the encryption key required for encryption is not set. When the encryption key is not set, it will be run with the default encryption key, hence there is a low possibility of encountering it.
[DEBUG] DBCPService Attribute isEncrypted=true [ERROR] Password not set for Password Based Encryptor [ERROR] Fail Get a Database Connection. Check Database.
It occurs when the encryption key of 7 characters or more is used without the JCE Unlimited Strength Jurisdiction Policy File installed in JDK.
[DEBUG] DBCPService Attribute isEncrypted=true [ERROR] Encryption raised an exception. A possible cause is you are using strong encryption algorithms and you have not installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files in this Java Virtual Machine [ERROR] Fail Get a Database Connection. Check Database.
It mainly occurs when the encryption key is incorrect. Detailed log messages have been omitted for security purposes.
[DEBUG] DBCPService Attribute isEncrypted=true [ERROR] Decryption operation failed, ommitting any further information about the cause for security reasons. [ERROR] Fail Get a Database Connection. Check Database.
user.properties password encryption
Encryption
To encrypt the password value in the user.properties file, the value must be generated directly and entered into the file.
run_property_encrypt.sh xpush
D:\xpush-3.0.0\bin>run_property_encrypt.bat xpush encrypt : R6pzR+wLGuFyazlLkcHNin645R7pv3p9Q0NgpSc8iBM=
The password generated by the script is entered into user.properties.
tobesoft=R6pzR+wLGuFyazlLkcHNin645R7pv3p9Q0NgpSc8iBM=
Decryption
In the UserPropertiesEncryptAuthenticator class set inside the xpush server, the password set by the user is set as the key to decrypt the encrypted password value in user.properties to check whether it is matched and determine whether the login is successful.
Message Available Period Settings
The available period of the reliable message is set in the server.
Attribute | Description |
|---|---|
availablePeriod | Set the default available period for reliable messages(day) |
maximumAvailablePeriod | Set the maximum available period for reliable messages(day) |
<service name=" RepositoryService "> ... <attribute name="availablePeriod">-1</attribute> <attribute name="maximumAvailablePeriod">-1</attribute> ... </service>
Message Recovery Settings
It is a message recovery service that is stored as a file in case of an error in the processing of received response messages.
Attribute | Description |
|---|---|
RecoverPeriod | The service is operated at regular intervals. |
<service name=" RecoverService "> ... <attribute name="RecoverPeriod">600000</attribute> <!--Recovery every 10 minutes--> ... </service>