X-PUSH operation is set using the $XPUSH_HOME/conf/xpush_config.xml file. It is recommended to use most values as they were at the time of deployment.
After changing the settings, the X-PUSH server must be restarted for the changes to take effect.
Other detailed settings not described below can be checked through XPUSH Detailed Settings.
Web Push Settings
Push settings for WEB Client are as follows.
Attribute | Description |
---|---|
ServerBindAddress | Webpush Address default : 0.0.0.0 |
Port | Webpush port default : 50000 |
IsHttps | Whether to use HTTPS. Set it to true to use it. To use HTTPS, an SSL certificate must be set(CertificateService). |
<service name="WebPublisher" ...>
  ...
  <attribute name="ServerBindAddress">0.0.0.0</attribute>
  <attribute name="Port">50000</attribute>
  <attribute name="IsHttps">true</attribute>
  ...
</service>
Runtime Push Settings
Push settings for Runtime Client are as follows.
Attribute | Description |
---|---|
ServerBindAddress | RuntimePush Address default : 0.0.0.0 |
Port | RuntimePush port default : 50001 |
IsSSL | Whether to use SSL. Set it to true to use it. To use SSL, an SSL certificate must be set. |
<service name="RuntimePublisher" ...>
  ...
  <attribute name="ServerBindAddress">0.0.0.0</attribute>
  <attribute name="Port">50001</attribute>
  <attribute name="IsSSL">true</attribute>
  ...
</service>
Message Provisioning Settings
Detailed settings for Message Provider are as follows.
Attribute | Description |
---|---|
ServerBindAddress | Message Provider Address default : 0.0.0.0 |
Port | Message Provider port default : 50002 |
<service name="Provider" ...>
  ...
  <attribute name="ServerBindAddress">0.0.0.0</attribute>
  <attribute name="Port">50002</attribute>
  ...
</service>
Monitoring Settings
Console Monitoring
Detailed settings for Monitoring are as follows.
Attribute | Description |
---|---|
ServerBindAddress | Message Provider Address default : 0.0.0.0 |
Port | Message Provider port default : 50003 |
<service name="PushMonitor" ...>
  ...
  <attribute name="ServerBindAddress">0.0.0.0</attribute>
  <attribute name="Port">50003</attribute>
  ...
</service>
JMX
There are 4 JMX settings in the X-PUSH server.
The 4 items are as follows.
Attribute | Description |
---|---|
IsJMX | Whether to use JMX (default: false) |
IsJMXpassword | Whether to use Password (default: false) |
JMXrmiRegistryPort | JMX registry Port (default : 50005) |
JMXrmiServerPort | JMX server Port (default 50006) |
2 files are required to use JMXpassword. These 2 files should be located in the XPUSH_HOME/conf/ directory.
The 2 files are jmxremote.password and jmxremote.access and they are in the same format as jmxremote.access and jmxremote.password in the JAVA_HOME/jre/lib/management/ folder.
X-PUSH’s JMX follows JAVA’s JMX regulations.
http://www.oracle.com/technetwork/java/javase/tech/javamanagement-140525.html
The following is an example of JMX settings.
<service name="Publisher">
  ...
  <attribute name="IsJMX">true</attribute>
  <attribute name="IsJMXpassword">true</attribute>
  <attribute name="JMXrmiRegistryPort">50005</attribute>
  <attribute name="JMXrmiServerPort">50006</attribute>
  ...
</service>
JMXrmiRegistryPort and JMXrmiServerPort must be set to obtain JMX information.
System information such as CPU, Process, Memory, Swap, and Network can be checked in the JMX item.
Attribute | Description |
---|---|
IsSystemMonitor | Whether to use System Monitor (default: false) |
<service name="Publisher">
  ...
  <attribute name="IsSystemMonitor">true</attribute>
  ...
</service>
DB Connection Settings
DB connection can be controlled through DBCP Service.
DBCP Service: Service to manage database connection Pool
Attribute | Description |
---|---|
username | User ID for accessing the database. |
password | User password for accessing the database. |
connectUri | URI for database to be accessed. |
jdbcClassName | Class Name for JDBC to be accessed. |
maxActive | Maximum number of connections that can be simultaneously used in the service. |
maxIdle | Maximum number of idle state connections that can be maintained in the connection pool. |
minIdle | Minimum number of idle state connections that can be maintained in the connection pool. |
maxWait | If the number of connections being used in the connection pool is at maxActive, the wait time will be as specified under maxWait. An error will be generated if no free connections are available even after the specified maxWait time. |
validationQuery | The SQL query that will be used to validate connections from this pool before returning them to the caller. If specified, this query MUST be an SQL SELECT statement that returns at least one row. |
testOnBorrow | Running test when getting a connection from Pool |
testOnReturn | Running test when returning a connection to Pool |
testWhileIdle | Whether to run a test on the idle connection in Pool |
timeBetweenEvictionRunsMillis | The interval at which the Evictor thread runs. The Evictor thread is disabled when the value is -1. |
numTestsPerEvictionRun | Number of connections in the pool tested in each Evictor run |
minEvictableIdleTimeMillis | Idle time after which a connection becomes eligible for removal by the Evictor |
UserInfoEncryptorClassName | Class name that encrypts/decrypts DB access account information |
isEncrypted | True if DB access account is encrypted and false otherwise |
Please refer to the Apache Commons DBCP site for more information.
http://commons.apache.org/proper/commons-dbcp/configuration.html
<service name="DbcpService">
  <attribute name="username">sa</attribute>
  <attribute name="password"></attribute>
  <attribute name="connectUri">jdbc:h2:tcp://localhost/~/test</attribute>
  <attribute name="jdbcClassName">org.h2.Driver</attribute>
  <attribute name="maxActive">10</attribute>
  <attribute name="maxIdle">0</attribute>
  <attribute name="minIdle">5</attribute>
  <attribute name="maxWait">-1</attribute>
  <attribute name="validationQuery">select 1 from dual</attribute>
  <attribute name="testOnBorrow">true</attribute>
  <attribute name="testOnReturn">false</attribute>
  <attribute name="testWhileIdle">false</attribute>
  <attribute name="timeBetweenEvictionRunsMillis">-1</attribute>
  <attribute name="numTestsPerEvictionRun">3</attribute>
  <attribute name="minEvictableIdleTimeMillis">1800000</attribute>
  <attribute name="UserInfoEncryptorClassName">com.nexacro.xpush.crypto.XPushPBEStringEncryptor</attribute>
  <attribute name="isEncrypted">false</attribute>
  <depends>Log</depends>
</service>
DB Connection of X-PUSH server is made through DBCP and jdbc.jar file suitable for DB is required. For example, in the case of Oracle, the ojdbc-version.jar file must be added to the $XPUSH_HOME/lib folder.
ConnectUri item can be used in the format below (Oracle Net connection descriptor) without any parsing errors.
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=xxx.xx.xx.xxx)(PORT=xxxx))(ADDRESS=(PROTOCOL=TCP)(HOST=xxx.xx.xx.xxx)(PORT=xxxx)))(FAILOVER=ON)(LOAD_BALANCE=ON)(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=PKICC)))
2 or more DBs can be connected by the following method.
For more details, refer to the official documentation of each DB.
ex) Tibero
jdbc:tibero:thin:@(description= (failover=on)(load_balance=on) (address_list=(address=(host=127.0.0.1)(port=8629)) (address=(host=127.0.0.2)(port=8629)) )(DATABASE_NAME=t5))
Need to change the encryption algorithm method? AES method DB connection setup
Log Settings
From v2.8.9, logging is handled by Log4j2 and follows the Log4j2 standard.
For detailed log settings, refer to the official Log4j2 documentation.
The explanation below describes the log settings used before v2.8.9.
cf) v2.8.9 or higher: logs are managed in $XPUSH_HOME/conf/log4j2.xml (Log4j2 settings follow the standard method).
cf) The MonitorLogWriter service described at the bottom of this section, which monitors the status of the X-PUSH server, is still used in v2.8.9 and higher.
X-PUSH leaves a log to a file and a log is also displayed on the console separately. Files and consoles can be set up separately.
Log Level
Logs are left according to 4 levels. Each level has priority value and its meaning is as follows.
Level | Priority | Description |
---|---|---|
DEBUG | 40 | Information to identify server tests or other malfunctions |
TRACE | 30 | Information to look at details of the operation |
INFO | 20 | Server operation information |
WARN | 10 | Information on situations or exception that can be ignored |
ERROR | 0 | Errors affecting operation |
The priority value is the value used when setting the log level.
To change the level of console log, modify the attribute value of "PriorityRange" in the "ConsoleLogger" service in the "Log" service. To change the level of the file log, modify the attribute value of "PriorityRange" in the "FileLogger" service in the "Log" service.
The default settings are both '0:20' at the time of deployment, and this means that it will output a level from the priority value of 0 to 20. If you want to exclude INFO from the log, modify it as '0:10'.
<service name="Log">
  ...
  <depends>
    <service name="ConsoleLogger">
      ...
      <attribute name="PriorityRange">0:10</attribute>
      ...
    </service>
  </depends>
  ...
  <depends>
    <service name="FileLogger">
      ...
      <attribute name="PriorityRange">0:40</attribute>
      ...
    </service>
  </depends>
</service>
If TRACE or DEBUG is included in the output range, the amount of log increases considerably and performance may be affected. It is recommended to change the setting to INFO in the actual operating environment.
Log File Settings
Log file related settings are made in the "FileLogWriter" service.
<service name="FileLogWriter">
  <attribute name="LogPath">log</attribute>
  <attribute name="LogFile">xpush.log</attribute>
  <attribute name="Encoding">utf-8</attribute>
  <attribute name="Append">true</attribute>
  <attribute name="MaximumFileSize">100000000</attribute>
  <attribute name="MaxBackupIndex">100</attribute>
  <attribute name="BufferedIO">false</attribute>
</service>
The meaning of each attribute is as follows.
Attribute | Meaning | Possible Value |
---|---|---|
LogPath | Location where the log files will be generated. It can be set as a relative or absolute path. A relative path is resolved against $XPUSH_HOME. An absolute path must start with "/", as in "/var", or with a drive name such as "d:\" in Windows. | |
LogFile | A file name where the log will be recorded. %INDEX% of the file name means the number to be used for log rotation. | |
Encoding | Sets the encoding of the string to be used when outputting to a file. | "UTF-8" |
Append | Specifies whether to add to the existing log file and output when starting the server. In the case of "false", the existing file is deleted and outputted. The default value at the time of deployment is true. | "true" "false" |
BufferedIO | Specifies whether to use a buffer when outputting to a file. The default value at the time of deployment is false. | "true" "false" |
X-PUSH Status Log File Settings
MonitorLogWriter service maintained in v2.8.9 and higher
The information that can monitor the current status of X-PUSH is recorded as a file.
<service name="MonitorLogWriter">
  <attribute name="IsRecord">false</attribute>
  <attribute name="LogPath">log\status</attribute>
  <attribute name="LogFile">xpush.status</attribute>
  <attribute name="DatePattern">'.'yyyy-MM-dd</attribute>
  <attribute name="Encoding">utf-8</attribute>
  <attribute name="Append">true</attribute>
  <attribute name="RecordingPeriod">5000</attribute>
  <attribute name="PushMonitorServiceName">#PushMonitor</attribute>
</service>
The meaning of each attribute is as follows.
Attribute | Meaning | Possible Value |
---|---|---|
IsRecord | Specifies whether to record to the log file. It is recorded only when true and the default is false. | |
LogPath | Location where the log files will be generated. It can be set as a relative or absolute path. A relative path is resolved against $XPUSH_HOME. An absolute path must start with "/", as in "/var", or with a drive name such as "d:\" in Windows. | |
LogFile | A file name where the log will be recorded. %INDEX% of the file name means the number to be used for log rotation. | |
DatePattern | An extension format of log files recorded every day. When the date changes, the name of the log file is automatically changed. The extension is set to the corresponding DatePattern after the existing file. | |
Encoding | Sets the encoding of the string to be used when outputting to a file. | "UTF-8" |
Append | Specifies whether to add to the existing log file and output when starting the server. In the case of "false", the existing file is overwritten. The default value at the time of deployment is true. | "true" |
RecordingPeriod | Time to record to file. The unit is MilliSecond(ms) and the default value at the time of deployment is 5000. | Number |
Clustering Settings
Multiple X-PUSH servers can be grouped into a cluster to share messages. When a Provider message is provided to a specific server, the Provider message is supplied to all servers in the cluster.
Set HazelcastService in xpush_config.xml for clustering.
The following four settings are available for the Hazelcast service.
Attribute | Description |
---|---|
portAutoIncrement | This setting enables/disables the auto-increment function for the port numbers assigned to each Hazelcast service. default : false |
port | Default port number used for the Hazelcast service. default : 50007 |
joinTcpipEnable | Set whether to connect with other X-PUSH nodes via TCP/IP. default : false |
joinTcpipMember | Information for the X-PUSH nodes to be connected. ex) 127.0.0.1:50007 |
The following is an example of setting up three X-PUSH Servers via the Hazelcast service. The port number is set to "50007" without automatically increasing the value. It's also set to connect to another X-PUSH Server using the address "192.168.1.1" via TCP/IP.
X-PUSH #1 ip : 192.168.1.1
<service name="HazelcastService" ... >
  ...
  <attribute name="portAutoIncrement">false</attribute>
  <attribute name="port">50007</attribute>
  <attribute name="joinTcpipEnable">true</attribute>
  <attribute name="joinTcpipMember" type="java.lang.String[]">
    192.168.1.2:50007,
    192.168.1.3:50007
  </attribute>
</service>
X-PUSH #2 ip : 192.168.1.2
<service name="HazelcastService" ... >
  ...
  <attribute name="portAutoIncrement">false</attribute>
  <attribute name="port">50007</attribute>
  <attribute name="joinTcpipEnable">true</attribute>
  <attribute name="joinTcpipMember" type="java.lang.String[]">
    192.168.1.1:50007,
    192.168.1.3:50007
  </attribute>
</service>
X-PUSH #3 ip : 192.168.1.3
<service name="HazelcastService" ... >
  ...
  <attribute name="portAutoIncrement">false</attribute>
  <attribute name="port">50007</attribute>
  <attribute name="joinTcpipEnable">true</attribute>
  <attribute name="joinTcpipMember" type="java.lang.String[]">
    192.168.1.1:50007,
    192.168.1.2:50007
  </attribute>
</service>
In cloud environments, the servers must be set to a fixed IP.
User Authentication Settings
The X-PUSH server asks an external authenticator to authenticate each of the 3 connection types (Client, Provider, Monitor). Implement each authenticator against the Authenticator interface and set its class in the configuration file; the server then loads that class and calls it whenever authentication is required.
As there are 3 access methods, 3 authenticators are required.
Client Authentication
<service name="MiPlatformProtocolReliabilityAuthenticator" ...>
  <attribute name="AuthenticatorClassName">
    com.nexacro.xpush.fw.service.auth.UserPropertiesReliabilityAuthenticator
  </attribute>
</service>
In the case of client authentication, it is set as UserPropertiesReliabilityAuthenticator class and all users are allowed to connect.
Provider Authentication
<service name="SocketProviderProtocolAuthenticator" ..>
  <attribute name="AuthenticatorClassName">
    com.nexacro.xpush.fw.service.auth.UserProfileDummyAuthenticator
  </attribute>
</service>
In the case of provider authentication, it is set as UserProfileDummyAuthenticator class and all users are allowed to connect.
Monitor Authentication
The authenticator for Admin or monitor access can be checked in the attribute values below.
"MonitorProtocol" service > "depends" element > "MonitorProtocolAuthenticator" service > "AuthenticatorClassName" attribute value
<service name="MonitorProtocol">
  ...
  <depends>
    <service name="MonitorProtocolAuthenticator">
      <attribute name="AuthenticatorClassName">
        com.nexacro.xpush.fw.service.auth.UserPropertiesEncryptAuthenticator
      </attribute>
    </service>
  </depends>
  ...
</service>
In the case of monitor authentication, it is set as the UserPropertiesEncryptAuthenticator class, and the id and pw in the $XPUSH_HOME/conf/user.properties file are used.
Class Name | Description |
---|---|
DummyAuthenticator | All users are allowed to access |
UserPropertiesAuthenticator | Users registered in $XPUSH_HOME/conf/user.properties file are allowed |
UserPropertiesEncryptAuthenticator | Users with encrypted password values registered in $XPUSH_HOME/conf/user.properties file are allowed |
UserPropertiesAuthenticator authenticates using the /conf/user.properties file. Users not registered in user.properties will fail to log in after generating AuthenticateException.
User setting method is "User ID"="User PASSWORD".
UserPropertiesEncryptAuthenticator class can perform user authentication by entering an encrypted password in $XPUSH_HOME/conf/user.properties.
Please refer to the user.properties password encryption for more information on password encryption.
Please refer to the Authenticator Development item for other details.
Need to change the encryption algorithm method? AES monitor authentication (related to user.properties)
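The transport, JMX, DB account and authenticator settings described so far can be checked together before a deployment. The following audit script is an added example, not part of X-PUSH: the root element name, the sample values and the finding labels are constructed for illustration, and the list of allow-all authenticators is taken from the class descriptions on this page.

```python
import xml.etree.ElementTree as ET

# Authenticator classes this page describes as letting every user connect.
ALLOW_ALL = {"DummyAuthenticator", "UserProfileDummyAuthenticator",
             "UserPropertiesReliabilityAuthenticator"}
# Attributes documented on this page as true/false switches (lower-cased).
BOOL_FLAGS = {"ishttps", "isssl", "isjmx", "isjmxpassword",
              "issystemmonitor", "isencrypted"}

# Constructed sample; <server> as the root element is an assumption.
SAMPLE = """
<server>
  <service name="WebPublisher">
    <attribute name="Port">50000</attribute>
    <attribute name="IsHttps">false</attribute>
  </service>
  <service name="RuntimePublisher">
    <attribute name="Port">50001</attribute>
    <attribute name="IsSSL">true</attribute>
  </service>
  <service name="Publisher">
    <attribute name="IsJMX">true</attribute>
    <attribute name="IsJMXpassword">ture</attribute>
  </service>
  <service name="DbcpService">
    <attribute name="username">sa</attribute>
    <attribute name="password">example-only</attribute>
    <attribute name="isEncrypted">false</attribute>
  </service>
  <service name="SocketProviderProtocolAuthenticator">
    <attribute name="AuthenticatorClassName">
      com.nexacro.xpush.fw.service.auth.UserProfileDummyAuthenticator
    </attribute>
  </service>
  <service name="MonitorProtocol">
    <depends>
      <service name="MonitorProtocolAuthenticator">
        <attribute name="AuthenticatorClassName">
          com.nexacro.xpush.fw.service.auth.UserPropertiesEncryptAuthenticator
        </attribute>
      </service>
    </depends>
  </service>
</server>
"""


def audit(xml_text):
    """Return sorted (service, attribute, finding) tuples for risky settings."""
    findings = []
    # iter() also reaches services nested inside <depends>.
    for svc in ET.fromstring(xml_text).iter("service"):
        name = (svc.get("name") or "").strip()
        # Direct <attribute> children only, keyed case-insensitively.
        attrs = {a.get("name", "").lower(): (a.get("name", ""), (a.text or "").strip())
                 for a in svc.findall("attribute")}

        def val(key, default="false"):
            return attrs[key][1] if key in attrs else default

        def flag(key, finding):
            findings.append((name, attrs[key][0], finding))

        # A switch whose value is neither "true" nor "false" is most likely a typo.
        for key in attrs:
            if key in BOOL_FLAGS and val(key).lower() not in ("true", "false"):
                flag(key, "bad-boolean")
        # WebPublisher / RuntimePublisher without TLS.
        for key in ("ishttps", "isssl"):
            if key in attrs and val(key).lower() != "true":
                flag(key, "plaintext-transport")
        # JMX enabled without jmxremote.password / jmxremote.access.
        if val("isjmx").lower() == "true" and val("isjmxpassword").lower() != "true":
            flag("isjmx", "jmx-no-password")
        # Account password kept unencrypted in xpush_config.xml.
        if "password" in attrs and val("isencrypted").lower() != "true":
            flag("password", "cleartext-secret" if val("password") else "empty-password")
        # Authenticator that admits every caller.
        cls = val("authenticatorclassname", "").rsplit(".", 1)[-1]
        if cls in ALLOW_ALL:
            flag("authenticatorclassname", "allow-all-auth")
    return sorted(findings)


if __name__ == "__main__":
    for service, attribute, finding in audit(SAMPLE):
        print(f"{finding:20} {service}.{attribute}")
```
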
Mobile Notification Settings
X-PUSH server provides mobile notification service with 2 platforms, APNs and FCM. Each service can be used by modifying setting items in xpush_config.xml. Also, notifications to be delivered can be customized using NotificationFormatter.
When the X-PUSH server sends Notification, it searches DeviceToken of Offline User stored in DB. In the X-PUSH server, 1 User can request Notification from n or more Devices. However, when multiple Users use 1 Device, only the last registered User is activated and a Notification is sent.
NotificationBuilder Service
In the Notification Builder service, you can specify the number of error codes to be updated or saved at once in the T_Notification table.
Attribute | Description |
---|---|
InsertBatchAtOnceCount | It is the number of executing Insert Batch to DB for N number of the inquired mobile device at once. |
UpdateHandlerBatchAtOnceCount | It is the number of executing Update Batch to DB with the data from the Update queue at once. |
UpdateHandlerProcessingAtOnceCount | It is the number of responses received from APNS and FCM from the accumulated queue. |
NotificationFormatterName | It is the class that specifies the message format before sending a notification. |
The following is an example of Notification Builder Service settings. It inserts N number of inquired devices by 1,000 at a time, fetches from the queue where responses from Apns/FCM are accumulated by 1,000 at a time, and updates the corresponding columns by 100.
<service name="NotificationBuilderServcice" ... >
  <attribute name="insertBatchAtOnceCount">1000</attribute>
  <attribute name="UpdateHandlerBatchAtOnceCount">100</attribute>
  <attribute name="UpdateHandlerProcessingAtOnceCount">1000</attribute>
  <attribute name="NotificationFormatterName">
    com.nexacro.xpush.service.notification.NotificationFormatterPropertiesImpl
  </attribute>
  ....
</service>
NotificationFormatterPropertiesImpl class loads $XPUSH_HOME/conf/notification.properties file and specifies the title and body of the notification. X-PUSH server must be restarted if the title and body are to be reset.
NotificationFormatter class specifies a message before sending a message notification.
Please refer to Notification Formatter Development for more details.
NotificationAttributeCommon Service
It is a service that defines common attributes for notifications including FCM and APNS.
Attribute | Description |
---|---|
IsMultiAppWithProjectID | An attribute for whether to use Notification for N number of mobile app along with ProjectID. (default = true) |
badge | If the 'badge' item is set to true, the number of unreceived messages that the client should receive is set in Notification and sent. |
IsBadgeOnlyStateZero | Only messages with message_state of 0 are displayed in Badge. |
retries | It is the number of retransmissions. |
The following is the setting for NotificationAttributeCommonService. IsMultiAppWithProjectID is set to true, the badge is set to be displayed only for messages with message_state of 0, and the number of retransmission attempts is set to 3 when there is an internal server error.
<service name="NotificationAttributeCommonService" ...>
  <attribute name="IsMultiAppWithProjectID">true</attribute>
  <attribute name="badge">true</attribute>
  <attribute name="IsBadgeOnlyStateZero">true</attribute>
  <attribute name="retries">3</attribute>
</service>
APNs (Apple Push Notification Service)
Apns MultiApp Service
If IsMultiAppWithProjectID is set to true, processing for N or more mobile apps can be performed.
Configuring ApnsInfo Service
In the ApnsInfo service, the N number of apps per project can be set. The service name can be configured accordingly by the user. For example, the TOBESOFT_1 project and the TOBESOFT_2 project may contain information about the mobile apps contained in each. Attributes have the following 2 setting items.
Attribute | Description |
---|---|
ProjectID | The project name can be set. |
AppInfo | N number of apps can be configured via Apns certificate. The Bundle ID of the certificate is set as a key value, and path, password, type, and production are set as List-type values. [CFBundleURLName]=[KeystorePath],[KeystorePassword],[KeystoreType],[production] ex) com.abc.def=C:\tmp\apns2.p12,123456,PKCS12,false, |
Please refer to the Apple Developer Support site for instructions on the APNs certificate.
APNs certifications must be renewed every year.
The following is an example of the ApnsInfo Service setting. The service is configured with each APNS_INFO_TOBESOFT_1, APNS_INFO_TOBESOFT_2 names, and the project name and APNS App information have been added.
<service name="APNS_INFO_TOBESOFT_1" code="com.nexacro.xpush.service.notification.InfoApnsWithProjectIDService" instance="singleton" management="false">
  <attribute name="ProjectID">TOBESOFT_1</attribute>
  <attribute name="AppInfo" type="java.util.HashMap">
    com.nexacro.apns=C:\tmp\apns.p12,12345,PKCS12,false,
    com.nexacro.apns2=C:\tmp\apns2.p12,12345,PKCS12,false,
  </attribute>
</service>
<service name="APNS_INFO_TOBESOFT_2" code="com.nexacro.xpush.service.notification.InfoApnsWithProjectIDService" instance="singleton" management="false">
  <attribute name="ProjectID">TOBESOFT_2</attribute>
  <attribute name="AppInfo" type="java.util.HashMap">
    com.nexacro.apns3=C:\tmp\apns3.p12,12345,PKCS12,false,
  </attribute>
</service>
Please be careful not to duplicate the ProjectID of the service.
Apns Notifier Service
APNs Notifier Service has 8 setting items as follows.
Attribute | Description |
---|---|
ApnsInfo | A service list of Apns app information matching the project. It can be specified in the format of #Service_Name. |
ApnsConnectorName | An interface for connection with the Apns server. It must be set as com.nexacro.xpush.service.notification.connector.XPushApnsConnector. |
feedbackService | Specifies whether to activate Feedback Service when sending a message each time. |
sound | |
retries | The number of retransmission attempts. |
ApnsProviderThreadPoolCount | Number of threads in Apns Provider thread pool : Set the number of threads in the thread pool considering the processing capacity of Connection and Send for sending notifications to Apns Server. |
failOver | |
The following is an example of APNs Notifier Service setting. 2 ApnsInfo services are configured and settings for other attributes are specified.
<service name="ApnsNotifierService" ... >
  ...
  <attribute name="ApnsInfo">
    #APNS_INFO_TOBESOFT_1
    #APNS_INFO_TOBESOFT_2
  </attribute>
  <attribute name="ApnsConnectorName">com.nexacro.xpush.service.notification.connector.XPushApnsConnector</attribute>
  ...
  <attribute name="sound">default</attribute>
  <attribute name="feedbackService">true</attribute>
  <attribute name="ApnsHandlerThreadPoolCount">1</attribute>
  <attribute name="failOver">true</attribute>
  ...
</service>
Depending on the JDK, errors may occur when Notifications are delivered to APNs. In this case, the problem can be solved by converting the certificate from PKCS12 to JKS format. Please refer to the link below for how to convert.
When using a firewall, connection to the APNs server must be allowed.
URL :
Sandbox server: api.development.push.apple.com
Production server: api.push.apple.com
Port : 443
The connection can be checked with telnet
ex) telnet api.push.apple.com 443
How to check firewall and DNS server in Linux
nc -v api.push.apple.com 443
When allowing the connection, it must be set as a URL, not IP.
FCM (Firebase Cloud Messaging)
FCM MultiApp Service
If IsMultiAppWithProjectID is set to true, processing for N or more FCM projects can be performed.
Configuring FCMInfo Service
In the FCMInfo service, the N number of FCM projects per 1 project can be set. The service name can be configured accordingly by the user. For example, the TOBESOFT_1 project and the TOBESOFT_2 project may contain information about the FCM projects contained in each. Attributes have the following 2 setting items.
Attribute | Description |
---|---|
ProjectID | The project name can be set. |
ApiKey | API Key to use for authentication when accessing FCM. |
SendID | Sender ID of the FCM server. |
ApiKey must be entered as the server key (either the server key or the previous server key) in the cloud message tab. (It is recommended to use the server key rather than the previous server key.)
When using a firewall, connection to the GCM server must be allowed.
URL : https://fcm.googleapis.com/fcm/send
Port : 443, 5228, 5229, 5230
The connection can be checked with telnet
ex) telnet fcm.googleapis.com 443
How to check firewall and DNS server in Linux
nc -v fcm.googleapis.com 443
When allowing the connection, it must be set as a URL, not IP.
The following is an example of the FcmInfo Service setting. The service is configured of each FCM_INFO_TOBESOFT_1, FCM_INFO_TOBESOFT_2 names, and the project name and FCM server information have been added.
<service name="FCM_INFO_TOBESOFT_1" code="com.nexacro.xpush.service.notification.InfoFcmWithProjectIDService" instance="singleton" management="false">
  <attribute name="ProjectID">TOBESOFT_1</attribute>
  <attribute name="SendID">78965651</attribute>
  <attribute name="ApiKey">ASDGKMXEGE73RSGXE</attribute>
</service>
<service name="FCM_INFO_TOBESOFT_2" code="com.nexacro.xpush.service.notification.InfoFcmWithProjectIDService" instance="singleton" management="false">
  <attribute name="ProjectID">TOBESOFT_2</attribute>
  <attribute name="SendID">34215651</attribute>
  <attribute name="ApiKey">GRSDLCDMSPRSC2TK</attribute>
</service>
Please be careful not to duplicate the ProjectID of the service and FCM server information.
GCM Notifier Service
GCM Notifier Service is used when sending Notification from X-PUSH server to FCM.
GCM Notifier Service has 6 setting items as follows.
Protocol Service Name | Description |
---|---|
FcmInfo | A service list of Fcm server information matching the project. It can be specified in the format of #Service_Name. |
GcmConnectorName | An interface for connection with FCM server. It must be set as com.nexacro.xpush.service.notification.connector.GcmHttpConnector. |
GcmProviderThreadPoolCount | The number of threads in the FCM Provider thread pool It sets the number of threads in the thread pool considering the processing ability of Connection and Send to send Notification to FCM Server. |
FailOver | Specifies whether to process exception processing when Notification transmission fails. |
The following is an example of the GCM Notifier Service setting. 2 GcmInfo services are configured and settings for other attributes are specified.
<service name="GcmNotifierService" ... >
  ...
  <attribute name="FcmInfo">
    #FCM_INFO_TOBESOFT_1
    #FCM_INFO_TOBESOFT_2
  </attribute>
  <attribute name="GcmConnectorName">com.nexacro.xpush.service.notification.connector.GcmHttpConnector</attribute>
  <attribute name="FailOver">true</attribute>
</service>
Scheduling Settings
Attribute | Description |
---|---|
type="java.lang.String" | Minute (0-59) Hour (0-23) Date (1-31) Month (1-12) Day of the week (0-6) |
<service name="CronTabScheduleService">
  ...
  <argument type="java.lang.String"> 0 0 1 * * </argument> <!-- Delete messages at 00:00 on the 1st of every month -->
  ...
</service>
Delete received messages
<invoke name="add">
  <!-- Delete messages at 00:00 on the 1st of every month -->
  <argument type="java.lang.String">0 0 1 * *</argument>
  <argument type="it.sauronsoftware.cron4j.Task">
    <object code="com.nexacro.xpush.service.schedule.DeleteMessageTask">
      <attribute name="dbcpService">
        <service-ref>#DbcpService</service-ref>
      </attribute>
    </object>
  </argument>
</invoke>
Delete expired messages
<invoke name="add">
  <!-- Delete messages that expire at 00:00 every day of every month -->
  <argument type="java.lang.String">0 0 * * *</argument>
  <argument type="it.sauronsoftware.cron4j.Task">
    <object code="com.nexacro.xpush.service.schedule.DeleteExpiredMessageTask">
      <attribute name="dbcpService">
        <service-ref>#DbcpService</service-ref>
      </attribute>
    </object>
  </argument>
</invoke>
Delete expired notifications
<invoke name="add">
  <!-- Delete notifications that expire at 00:00 on Sundays -->
  <argument type="java.lang.String">0 0 * * *</argument>
  <argument type="it.sauronsoftware.cron4j.Task">
    <object code="com.nexacro.xpush.service.schedule.DeleteExpiredNotificationTask">
      <attribute name="dbcpService">
        <service-ref>#DbcpService</service-ref>
      </attribute>
    </object>
  </argument>
</invoke>
Connect to Apns feedback service and update the device token that received a response
<invoke name="add">
  <!-- Activate feedback service and update device token at 00:00 every day -->
  <argument type="java.lang.String">0 0 * * *</argument>
  <argument type="it.sauronsoftware.cron4j.Task">
    <object code="com.nexacro.xpush.service.schedule.ApnsFeedbackServiceTask">
      <attribute name="dbcpService">
        <service-ref>#DbcpService</service-ref>
      </attribute>
      <attribute name="apnsNotifierService">
        <service-ref>#ApnsNotifierService</service-ref>
      </attribute>
    </object>
  </argument>
</invoke>
Please refer to the item for more details.
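A retention schedule is only as good as the pattern behind its comment, so it helps to list when a pattern really fires. The following matcher is an added example, not X-PUSH or cron4j code: it handles only `*`, single values, lists and ranges, treats 0 as Sunday as cron4j does, and assumes that all five fields must match.

```python
from datetime import datetime, timedelta

# (field name, lowest value, highest value) in the order used in xpush_config.xml
FIELDS = [("minute", 0, 59), ("hour", 0, 23), ("date", 1, 31),
          ("month", 1, 12), ("day of week", 0, 6)]


def expand(field, lo, hi, label):
    """Expand one field ('*', '5', '1,15', '1-5') into the set of allowed values."""
    allowed = set()
    for part in field.split(","):
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            a, b = part.split("-", 1)
            start, end = int(a), int(b)
        else:
            start = end = int(part)
        if not lo <= start <= end <= hi:
            raise ValueError(f"{label}: {part!r} is outside {lo}-{hi}")
        allowed.update(range(start, end + 1))
    return allowed


def parse(pattern):
    """Split a five-field pattern and expand every field."""
    parts = pattern.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected 5 fields, got {len(parts)}: {pattern!r}")
    return [expand(p, lo, hi, label) for p, (label, lo, hi) in zip(parts, FIELDS)]


def fire_times(pattern, start, days):
    """Return every minute in [start, start + days) at which the pattern matches."""
    minutes, hours, dates, months, weekdays = parse(pattern)
    hits = []
    t = start.replace(second=0, microsecond=0)
    end = t + timedelta(days=days)
    while t < end:
        dow = (t.weekday() + 1) % 7  # Python: Monday=0; cron: Sunday=0
        if (t.minute in minutes and t.hour in hours and t.day in dates
                and t.month in months and dow in weekdays):
            hits.append(t)
        t += timedelta(minutes=1)
    return hits


if __name__ == "__main__":
    start = datetime(2024, 9, 1)  # constructed start date, a Sunday
    for pattern in ("0 0 1 * *", "0 0 * * *", "0 0 * * 0"):
        hits = fire_times(pattern, start, 14)
        print(f"{pattern!r}: {len(hits)} run(s) in 14 days, first {hits[0]:%a %Y-%m-%d %H:%M}")
```

Over two weeks `0 0 * * *` runs every day, while a Sunday-only schedule needs `0 0 * * 0`.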
SSL Certificate Settings
X-PUSH server uses SSL for encrypted communication.
Attribute | Description |
---|---|
Path | SSL certificate location |
Password | SSL server key |
IsEncrypted | Whether to use encryption |
<service name="CertificateService">
  <attribute name="Path">C:/xpush-2.8.0/conf/cacao.tobesoft.co.kr.jks</attribute>
  <attribute name="Password">1234567890</attribute>
  <attribute name="IsEncrypted">false</attribute>
  <attribute name="CertificatesPasswordEncryptorClassName">com.nexacro.xpush.crypto.XPushPBEStringEncryptor</attribute>
</service>
CertificateService is a service for setting up the SSL certificate.
For practical application
For WRE, change IsHttps to true in the WebPublisher service
ex) <attribute name="IsHttps">true</attribute>
For NRE, change IsSSL to true in the RuntimePublisher service.
ex) <attribute name="IsSSL">true</attribute>
To use an SSL certificate, jks file format is required. If it is difficult to get an official SSL issued, you can get a Self-signed Certificate issued with OpenSSL and test it.
You can check whether it is an SSL certificate that is certified by an official authority in the browser.
Need to change the encryption algorithm method? AES method SSL certification settings
Encryption Settings
A function to encrypt security-sensitive information is provided.
3 types of encryption possible
SSL password encryption
Password encryption in user.properties
Encrypt DB access account
For security reasons, we recommend using the key set internally in X-PUSH as the encryption key.
(If you encrypt without entering the encryption key, the encryption key inside X-PUSH will be used.)
To use a different key as an encryption key,
the same encryption key must be used for all three: SSL password encryption, user.properties password encryption, and DB access account encryption.
run_ssl_encrypt.sh password
run_property_encrypt.sh password
run_dbcp_userinfo_encrypt.sh
Need to change the encryption algorithm method? Change settings and usage of encryption algorithm (AES)
SSL Certificate Information Encryption
CertificateService provides encryption for information that may be security-sensitive among the certificate information set as follows. When encryption is used, the Password item among the following items must be encrypted.
The encryption/decryption of account information is performed through the class set in CertificatesPasswordEncryptorClassName among the above items. The encrypted password information can be obtained by using the script provided in the package. Accordingly, the isEncrypted item and Password item must be set manually. If the isEncrypted item is true when running X-PUSH, the password information is decrypted and set in the certificate.
Attribute | Description |
---|---|
CertificatesPasswordEncryptorClassName | Class name that encrypts/decrypts the certificate password |
isEncrypted | True if the certificate password is encrypted and false otherwise. |
Encryption
The run_ssl_encrypt script (.sh, .bat) included in the X-PUSH package is used for SSL certificate information encryption. The script file is located in the bin/ directory.
run_ssl_encrypt.sh password
When executing the script as above, the encryption key within the X-PUSH server is used.
shell script: run_ssl_encrypt.sh 'password to use'
Enclose the password to be used in '' (single quotation marks); the encrypted text is output.
batch script: run_ssl_encrypt.bat "password to use"
Enclose the password to be used in "" (double quotation marks); the encrypted text is output.
run_ssl_encrypt.sh password xpush
For scripts as above, encryption is performed using the string called xpush as an encryption key. The encryption value below can be obtained when the script is run.
The encrypted password must be entered manually, and the IsEncrypted attribute must be manually set to true.
The xpush_config.xml file located in the conf/ directory must be modified as follows.
<service name="CertificateService">
  <attribute name="Path">C:/xpush-2.6.7/conf/cacao.tobesoft.co.kr.jks</attribute>
  <attribute name="Password">QhJoZx1QQ03Km+u2Sk63tsvu6o3cX9OeP/t3ZImwLtg=</attribute>
  <attribute name="IsEncrypted">true</attribute>
  <attribute name="CertificatesPasswordEncryptorClassName">com.nexacro.xpush.crypto.XPushPBEStringEncryptor</attribute>
</service>
If the encryption key is not passed as a parameter when running the run_ssl_encrypt script, the default encryption key internally set in X-PUSH is used and this applies the same to decryption as well.
By default, the encryption key can be up to 7 characters long.
This is due to the JDK’s restriction on the use of encryption modules, so if you want to use more than 7 characters for an encryption key, you must set the JCE Unlimited Strength Jurisdiction Policy File in JDK.
Decryption
For SSL/HTTPS client connection after running X-PUSH, the encryption key used for encryption must be passed as a parameter when running X-PUSH. X-PUSH sets the certificate by decrypting the password with the encryption key passed as a parameter.
startup.sh xpush
If the user encryption key is not used but the key set internally in X-PUSH is used, there is no parameter.
startup.sh
Error in the Case of Failure
It occurs when the encryption key required for encryption is not set or when the wrong password is set. If the set key is not decrypted or if X-PUSH is run by encrypting the password incorrectly and connected to SSL certified client, the following error will occur.
Need to change the encryption algorithm method? SSL encryption, user.properties encryption
user.properties password encryption
Encryption
To encrypt the password value in the user.properties file, you must create the value yourself and enter it into the file.
run_property_encrypt.sh xpush
Enter the password generated through the script into user.properties.
Decryption
The UserPropertiesEncryptAuthenticator class set inside the xpush server sets the password set by the user as the key, decrypts the password value encrypted in user.properties, checks for consistency, and determines whether or not login is successful.
Need to change the encryption algorithm method? SSL encryption, user.properties encryption
DB Account Information Encryption
DbcpService provides encryption of account information that may be security-sensitive among DB access information set as follows. In the case of encryption, the username and password items among the following items are encrypted.
<service name="DbcpService">
  <attribute name="username">xpush</attribute>
  <attribute name="password">xpush</attribute>
  <attribute name="connectUri">jdbc:h2:tcp://localhost/~/test</attribute>
  <attribute name="jdbcClassName">org.h2.Driver</attribute>
  ...
  <attribute name="UserInfoEncryptorClassName">com.nexacro.xpush.crypto.XPushPBEStringEncryptor</attribute>
  <attribute name="isEncrypted">false</attribute>
  ...
</service>
The encryption/decryption of account information is performed through the class set in UserInfoEncryptorClassName among the above items. When encryption is performed using the script provided in the package, the isEncrypted item is automatically set to true. If the setting is changed or encrypted for other reasons and the isEncrypted item is false, it must be changed to true. If the isEncrypted item is true when X-PUSH is started, the account information is decrypted to access DB.
Attribute | Description |
---|---|
UserInfoEncryptorClassName | Class name that encrypts/decrypts the DB access account information |
isEncrypted | True if the DB access account is encrypted and false otherwise. |
Encryption
The run_dbcp_userinfo_encrypt script (.sh, .bat) included in the X-PUSH package is used for DB account information encryption. The script file is located in the bin/ directory.
run_dbcp_userinfo_encrypt.sh xpush
For scripts as above, encryption is performed using the string called xpush as an encryption key. The username and password items are encrypted as below when the script is run and the isEncrypted item is changed to true.
run_dbcp_userinfo_encrypt.sh
When the script is run as above, encryption is performed using the encryption key set internally in X-PUSH. When the script is run, the username and password items are encrypted as below and the isEncrypted item is changed to true.
<service name="DbcpService">
  <attribute name="username">Va3n7cU3aaB/JSqhfQNBBo7UUejPmBjHY//8iLxo80Mv+w1TTDKUv8yPQfpdkRnORrYcBDRugEDi4jfcn6zpmQ==</attribute>
  <attribute name="password">VRibE8jCKPKDFpA+RZ7rLsfau3Uc5JSRfctCg5yZx9czByNzGFOWNOhxgKBcVDRuadP6NsMuJ7zRK0TLKwK1jQ==</attribute>
  <attribute name="connectUri">jdbc:h2:tcp://localhost/~/test</attribute>
  <attribute name="jdbcClassName">org.h2.Driver</attribute>
  ...
  <attribute name="UserInfoEncryptorClassName">com.nexacro.xpush.crypto.XPushPBEStringEncryptor</attribute>
  <attribute name="isEncrypted">true</attribute>
  ...
</service>
If the encryption key is not passed as a parameter when running the script, the default encryption key internally set in X-PUSH is used and this applies to decryption as well.
By default, the encryption key can be up to 7 characters long.
This is due to the JDK’s restriction on the use of encryption modules, so if you want to use more than 7 characters for an encryption key, you must set the JCE Unlimited Strength Jurisdiction Policy File in JDK.
SHA256 and 256BITAES methods are mixed and used for the encryption algorithm.
Decryption
In order to access the DB with encrypted account information when running X-PUSH, the encryption key used for encryption must be passed as a parameter when running X-PUSH. X-PUSH accesses the DB by decrypting the account information with the encryption key passed as a parameter.
startup.sh xpush
When X-PUSH is run with the encryption key passed as a parameter, whether encryption is applied can be checked through the isEncrypted item value, and only when the log level is DEBUG. Apart from that, the decrypted account information is not output; in normal cases, the log indicating that the DB connection was successful can be checked.
[DEBUG] DBCPService Attribute isEncrypted=true
[INFO] Check Database Connection : OK
[INFO] Check All Tables : OK
If the user encryption key is not used but the key set internally in X-PUSH is used, there is no parameter.
startup.sh
Error Log in the Case of Failure
This error occurs when the encryption key required for encryption is not set. If you do not set an encryption key, the default encryption key is used.
[DEBUG] DBCPService Attribute isEncrypted=true
[ERROR] Password not set for Password Based Encryptor
[ERROR] Fail Get a Database Connection. Check Database.
This error occurs when an encryption key of 7 characters or more is used without the JCE Unlimited Strength Jurisdiction Policy File installed in JDK.
[DEBUG] DBCPService Attribute isEncrypted=true
[ERROR] Encryption raised an exception. A possible cause is you are using strong encryption algorithms and you have not installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files in this Java Virtual Machine
[ERROR] Fail Get a Database Connection. Check Database.
This error mainly occurs when the encryption key is incorrect. Detailed log messages have been omitted for security purposes.
[DEBUG] DBCPService Attribute isEncrypted=true
[ERROR] Decryption operation failed, ommitting any further information about the cause for security reasons.
[ERROR] Fail Get a Database Connection. Check Database.
Need to change the encryption algorithm method? DB encryption
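An added example, not part of the X-PUSH package or its documentation: a Python check that reads an xpush_config.xml and reports secrets left in plaintext, an isEncrypted flag that does not match the stored value (the manual step described for CertificateService), and publishers with HTTPS/SSL switched off. The `<server>` root element, the sample values, and the rule that ciphertext is base64 of at least 16 bytes are assumptions made for this example.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed xpush_config.xml. The <server> root element
# and the values are assumptions for this example, not the shipped file.
SAMPLE_CONFIG = """
<server>
  <service name="WebPublisher">
    <attribute name="IsHttps">true</attribute>
  </service>
  <service name="RuntimePublisher">
    <attribute name="IsSSL">false</attribute>
  </service>
  <service name="CertificateService">
    <attribute name="Path">/opt/xpush/conf/example.jks</attribute>
    <attribute name="Password">1234567890</attribute>
    <attribute name="IsEncrypted">true</attribute>
  </service>
  <service name="DbcpService">
    <attribute name="username">xpush</attribute>
    <attribute name="password">xpush</attribute>
    <attribute name="isEncrypted">false</attribute>
  </service>
</server>
"""

# Attributes that hold secrets, and the TLS switch of each publisher.
SECRET_ATTRS = {"CertificateService": ["Password"],
                "DbcpService": ["username", "password"]}
TLS_SWITCH = {"WebPublisher": "IsHttps", "RuntimePublisher": "IsSSL"}


def looks_encrypted(value):
    """Heuristic (assumption): ciphertext is valid base64 of at least 16 bytes."""
    try:
        return len(base64.b64decode(value, validate=True)) >= 16
    except (binascii.Error, ValueError):
        return False


def audit(xml_text):
    """Return a sorted list of findings for one xpush_config.xml document."""
    findings = []
    for svc in ET.fromstring(xml_text).iter("service"):
        name = (svc.get("name") or "").strip()
        # Attribute names differ in case between services
        # (IsEncrypted in CertificateService, isEncrypted in DbcpService).
        attrs = {a.get("name", "").lower(): (a.text or "").strip()
                 for a in svc.findall("attribute")}
        switch = TLS_SWITCH.get(name)
        if switch and attrs.get(switch.lower()) != "true":
            findings.append(f"{name}: {switch} is not true, listener is unencrypted")
        flagged = attrs.get("isencrypted") == "true"
        for key in SECRET_ATTRS.get(name, []):
            value = attrs.get(key.lower(), "")
            if not value:
                continue
            if not flagged:
                findings.append(f"{name}: {key} is stored in plaintext")
            elif not looks_encrypted(value):
                # The flag was set but the value was never replaced with ciphertext.
                findings.append(f"{name}: isEncrypted=true but {key} is not ciphertext")
    return sorted(findings)


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print(line)
```

A flag/value mismatch is worth catching before restart, because it only surfaces at startup as a decryption failure.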
Message Available Period Settings
The available period of the reliable message is set in the server.
Attribute | Description |
---|---|
availablePeriod | Set the default available period for reliable messages(day) |
maximumAvailablePeriod | Set the maximum available period for reliable messages(day) |
<service name="RepositoryService">
  ...
  <attribute name="availablePeriod">-1</attribute>
  <attribute name="maximumAvailablePeriod">-1</attribute>
  ...
</service>
If you set a value with setAvailablePeriod() of the PushMessage object in Provider, that value will have priority over the availablePeriod value in xpush_config.xml.
(However, the value set with setAvailablePeriod() of the PushMessage object cannot exceed the maximumAvailablePeriod value in xpush_config.xml.)
-1 : Expiration period not set
If both the server (availablePeriod, maximumAvailablePeriod in xpush_config.xml) and Provider values are not set, the validity period is not set.
Message Recovery Settings
This is a recovery service for messages that are stored as a file when an error occurs while processing received response messages.
Attribute | Description |
---|---|
RecoverPeriod | The service is operated at regular intervals. |
<service name="RecoverService">
  ...
  <attribute name="RecoverPeriod">600000</attribute> <!--Recovery every 10 minutes-->
  ...
</service>
Change settings and usage of encryption algorithm (AES)
This is a method of changing to the AES encryption algorithm when the existing encryption algorithm (using SHA256, 256BITAES) is not supported in a specific environment.
3 types of encryption possible
SSL password encryption
Password encryption in user.properties
Encrypt DB access account
For security reasons, we recommend using the key set internally in X-PUSH as the encryption key.
(If you encrypt without entering the encryption key, the encryption key inside X-PUSH will be used.)
To use a different key as an encryption key,
the same encryption key must be used for all three: SSL password encryption, user.properties password encryption, and DB access account encryption.
Setting
3 parts to change in $XPUSH_HOME/conf/xpush_config.xml (when using AES encryption algorithm)
AES method SSL certification settings
Refer to the description of the existing encryption method.: SSL Certificate Settings
<service name="CertificateService">
<attribute name="Path">C:/xpush-2.8.0/conf/cacao.tobesoft.co.kr.jks</attribute>
<attribute name="Password">1234567890</attribute>
<attribute name="IsEncrypted">false</attribute>
<attribute name="CertificatesPasswordEncryptorClassName">com.nexacro.xpush.crypto.XPushAESStringEncryptor</attribute>
</service>
AES monitor authentication (related to user.properties)
Refer to the description of the existing encryption method.: Monitor Authentication
<service name="MonitorProtocol">
...
<depends>
<service name="MonitorProtocolAuthenticator">
<attribute name="AuthenticatorClassName">
com.nexacro.xpush.fw.service.auth.UserPropertiesEncryptAuthenticator_AES
</attribute>
</service>
</depends>
...
</service>
Class | Description |
---|---|
UserPropertiesEncryptAuthenticator_AES | Permit users with passwords encrypted using AES registered in the $XPUSH_HOME/conf/user.properties file. |
AES method DB connection setup
Refer to the description of the existing encryption method.: DB Connection Settings
<service name="DbcpService">
<attribute name="username">sa</attribute>
<attribute name="password"></attribute>
<attribute name="connectUri">jdbc:h2:tcp://localhost/~/test</attribute>
<attribute name="jdbcClassName">org.h2.Driver</attribute>
<attribute name="maxActive">10</attribute>
<attribute name="maxIdle">0</attribute>
<attribute name="minIdle">5</attribute>
<attribute name="maxWait">-1</attribute>
<attribute name="validationQuery">select 1 from dual</attribute>
<attribute name="testOnBorrow">true</attribute>
<attribute name="testOnReturn">false</attribute>
<attribute name="testWhileIdle">false</attribute>
<attribute name="timeBetweenEvictionRunsMillis">-1</attribute>
<attribute name="numTestsPerEvictionRun">3</attribute>
<attribute name="minEvictableIdleTimeMillis">1800000</attribute>
<attribute name="UserInfoEncryptorClassName">com.nexacro.xpush.crypto.XPushAESStringEncryptor</attribute>
<attribute name="isEncrypted">false</attribute>
</service>
How to Use
2 scripts to use in $XPUSH_HOME/bin (when using AES encryption algorithm)
run_encrypt_AES.bat/sh
run_dbcp_userinfo_encrypt_AES.bat/sh
SSL encryption, user.properties encryption
For security reasons, we recommend using the encryption key inside X-PUSH.
The encryption key that can be arbitrarily specified is up to 16 characters.
This is due to a limitation on the use of the JDK's encryption module, so if you want to use an encryption key longer than 17 characters,
you must set up the JCE Unlimited Strength Jurisdiction Policy File in JDK.
Script execution method
Used for string encryption, such as SSL encryption, user.properties encryption, etc.
- When encrypting using the encryption key inside X-PUSH
Windows: run_encrypt_AES.bat word (String to encrypt)
Linux: ./run_encrypt_AES.sh word
- When using an encryption key arbitrarily designated by the user
Windows: run_encrypt_AES.bat word encryptKey (Encryption key arbitrarily designated by the user)
Linux: ./run_encrypt_AES.sh word encryptKey
Setting xpush_config.xml
- Must be applied manually in xpush_config.xml
[SSL Encryption]
- Enter the encrypted string output by executing the script in Password of CertificateService and set isEncrypted to true.
[user.properties Encryption]
- Enter the encrypted string output by executing the script in the pw section written in the form of 'id=pw' in $XPUSH_HOME/conf/user.properties.
(Default: tobesoft=encrypted xpush)
Refer to the description of the existing encryption method.: SSL Certificate Information Encryption, user.properties password encryption
DB encryption
For security reasons, we recommend using the encryption key inside X-PUSH.
The encryption key that can be arbitrarily specified is up to 16 characters.
This is due to a limitation on the use of the JDK's encryption module, so if you want to use an encryption key longer than 17 characters,
you must set up the JCE Unlimited Strength Jurisdiction Policy File in JDK.
Script execution method
Used for DB encryption
- When encrypting using the encryption key inside X-PUSH
Windows: run_dbcp_userinfo_encrypt_AES.bat word (String to encrypt)
Linux: ./run_dbcp_userinfo_encrypt_AES.sh word
- When using an encryption key arbitrarily designated by the user
Windows: run_dbcp_userinfo_encrypt_AES.bat word encryptKey (Encryption key arbitrarily designated by the user)
Linux: ./run_dbcp_userinfo_encrypt_AES.sh word encryptKey
How to set xpush_config.xml
- Automatically applied to xpush_config.xml
- By executing the script, the username and password of DbcpService are changed to encrypted strings, and isEncrypted is changed to true.
Refer to the description of the existing encryption method.: DB Account Information Encryption
SSL decryption, user.properties decryption, DB decryption
- When decrypting using the encryption key inside X-PUSH
Windows: startup.bat
Linux: ./startup.sh
- When using an encryption key arbitrarily designated by the user for decryption
Windows: startup.bat encryptKey (Encryption key arbitrarily designated by the user)
Linux: ./startup.sh encryptKey
How to resolve errors related to encryption key
If the user-specified encryption key exceeds 16 characters and the JDK8 user does not have Unlimited JCE Policy set, the error below may occur.
Encryption key does not match. java.security.InvalidKeyException: Illegal key size
[Java 1.8 versions prior to 1.8.151]
(Download Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8)
Copy local_policy.jar and US_export_policy.jar into the $JAVA_HOME/jre/lib/security folder.
Download path: https://www.oracle.com/java/technologies/javase-jce8-downloads.html
(Oracle account login required)
[Java 1.8 versions higher than 1.8.151]
There are limited and unlimited folders in the $JAVA_HOME/lib/security/policy folder, and the local_policy.jar and US_export_policy.jar files already exist.
Uncomment crypto.policy=unlimited in the $JAVA_HOME/lib/security/java.security file.