Securing Web services at the message level

We are going to configure Web service message-level security of Java API for XML Web Services 2.1 (JAX-WS) running on WebSphere Application Server 7 using the Rational Application Developer 7.5/8.0 integrated development environment (IDE). To achieve that objective, we will perform the following tasks:

• How to create a JAX-WS service provider
• How to create a standalone JAX-WS client.
• How to monitor the SOAP messages using the TCP/IP Monitor.
• How to customize a WS-Security policy set in the WebSphere Application Server Administration Console.
• How to customize a policy set binding in the Administration Console.
• How to export policy sets and bindings from the Administration Console.
• How to generate X509 asymmetric keys and use them with your customized policy set bindings.
• How to import policy sets and bindings into the Rational Application Developer IDE.
• How to attach policy sets to Web service provider and servers using the Rational Application Developer IDE.
• How to create TestClient code using Web Services Security APIs
• How to use the UsernameToken (UNT) profile to add credentials to the SOAP header.
• How to use the UNT to authenticate against the WebSphere Application Server user repository.

 

ResourceServing Portlet JSR286

In general to implement serveResource you need to follow these steps :
 

1) Implement serveResource method in Portlet
 

2) Define the content Page - This content page is JSP that the serveResource() method forwards. Always create a separate content page for the output of the serveResource() method. A resource JSP is not mandatory because the output can be written directly on the response. The output of the serveResource() method can be HTML, XML, JSON, static resource and so on.
i.e.
public void serveResource(ResourceRequest request, ResourceResponse response) throws PortletException, IOException {
                String targetJsp="sample_resource.jsp";
                //Invoke business methods here
                //.......
                PortletRequestDispatcher rd=getPortetContext().getRequestDispatcher(targetJsp);
                rd.include(request,response);
}
Note : Don't use renderRequest and renderResponse object in resource.jsp instead use resourceRequest and resourceResponse if required

3) Generate the ResourceServing URL : The resource serving URL targets the serveResource() method
<div id="divToReplace">
                Content will be fetched dynamically
</div>

<form id="myForm" method="post" action="<portlet:resourceURL/>">
                <input type="submit" value="Get Data"/>
</form>
<script>
                var form=dojo.byId("myForm");
                dojo.connect(form,"onsubmit",function(event) {
                                //stop the submit event since we want to control form submission
                                event.preventDefault();
                                event.stopPropagation();

                                var xhrArgs={
                                                form: dojo.byId("myForm"),
                                                handleAs : "text",
                                                load : function(data) {
                                                                //callback function invoked when the response comes back successfully
                                                                dojo.byId("divToReplace").innerHTML=data;
                                                }
                                };
                                //perform AJAX call
                                dojo.xhrPost(xhrArgs);
                });
</script>

Portal v8 Modular Theme : Changing the Theme profile for a page

The default profile for the Portal8 theme is profiles/profile_deferred.json but you can override it at page level by setting the value of resourceaggregation.profile to different profile for example i can set it to profiles/profile_lightweight.json like this

Once you set that and access the page you will see that it does not have page action button any more.

Actually I was looking for this kind of user interface for selecting Theme Profile but with my Portalv8.0 installation without any fixpack this option is not coming for selection in Edit Page properties option

How to Install WebSphere Portal v8 ?

Portal v8 installation some general information:

General Information on IIM (IBM Installation Manager) :

• IBM Installation Manager replaces the ISMP installer and Portal Update Installer (PUI) and manages life cycle for WAS 8 and WP 8. IIM can install and uninstall core products, update or rollback fixpacks and fixes, modify and remove features
• IIM version 1.5.2 or higher required

General Information on WebSphere Portal 8 Installation:

• Portal 8 packaging comes from 3 sources: Live repository via Passport Advantage, physical DVD's, and electronic images.
• Can install WAS 32-bit on a 64-bit platform
• Windows XP and Windows 2003 are NOT supported with Portal 8

WebSphere Portal 8 installation steps

1.       Install using Live repository  or offline repository

In this scenario I used the offline mode and downloaded the sources from PA.

IBM_WS_P_AND_WCM_INSV8.0_1OF_7_MPML.zip

IBM_WS_P_AND_WCM_INSV8.0_2OF_7_MPML.zip

IBM_WS_P_AND_WCM_INSV8.0_3OF7_MPML.zip

IBM_WS_P_AND_WCM_INSV8.0_4OF7_MPML.zip

IBM_WS_P_AND_WCM_INSV8.0_5OF7_MPML.zip

IBM_WSA_SV_NW_DEP_V8.0.0.3_1OF3MPML.zip

IBM_WSA_SV_NW_DEP_V8.0.0.3_2OF3MPML.zip

IBM_WSA_SV_NW_DEP_V8.0.0.3_3OF3MPML.zip

2.       Install the IBM Installation Manager

Using IBM Installation Manager
I really like this idea and am hopeful that the implementation will live up to the promise it represents. You can point to a local downloaded repository, as is the case in this guide. Or, you could point to a live repository hosted by IBM. In addition to the simplified install process you gain better control over the WAS and Portal update procedures.

If you have an existing installation of the manager you should confirm that it is version 1.5.2 by launching the manager and selecting 'Help -> About' IBM Installation Manager.
If the version is not correct you may upgrade or uninstall and install from the source binaries.

Install the IIM(IBM Installation Manager) From <Root>\portal8\ IBM_WS_P_AND_WCM_INSV8.0_1OF_7_MPML\Setup\IIM\win32\Install.exe

3.       Configure the IBM Installation Manager

Once the installation manager has restarted you must configure it to reference the source repositories for the portal and the application server.

Locate the interface to add repositories by selecting File -> Preferences

In the preferences window you will see an Add Repository button. Click this. You will perform this operation for both the portal and the application server repository.

4.       Install IBM WebSphere Portal V 8.0

On the launch page of the installer click Install. Select the packages to install. Package selection is determined by the repositories configured for the installation manager.

Accept the license.

You will need to set an install path for the AppServer and PortalServer directory structures at this time.

Select features for installation. In this example we have maintained the default features

Select the profiles to install. In this scenario I selected Full profile , After profile selection you would see standard or advanced installation option . In advanced there is options to configure the hostname , nodename and cellname . you also have the option to change the portal context path from /wps to /prefered context path .

On the summary page confirm your choices and choose Install.

5.       Optional : After installation I wanted to update the Lates Java Fix for WAS ND . Start the IIM and select update , choose WAS ND 8.0.3 , Based on the live repository URL it shows all the available fixes , select the required Fixes and click Next and Install .

And thats it Portal 8 is installed and Updated to the latest Fix level

Federated repositories configuration

Step1 :
                Start Portal Server
                Login into Application Server - Integrated Solutions Console
                Go to - Security>Global Security
                Click on configure Note : Make Sure Federated Repository is selected

Step 2:
                On Federated repositories screen click "Add base entry to realm"
                On Repository reference screen click on "Add repository"
                Provide
                                Repository identifier : mytechuserbase
                                Directory type  : IBM Tivoli Directory Server

                                Primary host name  : localhost
                                Port : 389
                                Bind distinguished name : cn=root           Note : make sure this user exist in ldap and has rights to modify ldap entry
                                Bind password : root
                Clock on 'Ok' button

After that provide following info in current window
Distinguished name of a base entry that uniquely identifies this set of entries in the realm
dc=mytech,dc=com
Distinguished name of a base entry in this repository
dc=mytech,dc=com
Click on 'ok' button
Click on 'Save' link

Step3 :

Click on "Supported entity types" link and modify 'Group' and 'PersonAccount' values with
cn=groups,dc=mytech,dc=com and cn=users,dc=mytech,dc=com respectively

Step4 :

Restart the portal server to reflect the changes

Test the LDAP setup :

Login into Application Server - Integrated Solutions Console

Create the user/group and validate the same user/group details in LDAP server through ldap browser or IDSWebApp application.

Installation steps for Tivoli Directory Server Web Administration Tool -
1) Make sure Db2 and TDS instance is running
2) Start server1 profile
3) Deploy and start IDSWebApp.war
4) Open application IDSWebApp http://portal.mytech.com:10000/IDSWebApp/IDSjsp/Login.jsp. Default username and password superadmin/secret
5) Make cn=root as super user for domain (dc=mytech,dc=com)
6) Since we will be configuring Federated repository, we need to remove user's wpsadmin,wpsbind and group 'wpsadmins' from LDAP as these are already available in portal server.

Charting features in Portlet Factory v6.1.5

The GreenPoint Web Chart Builder feature set is not included with 6.1.5 and GreenPoint's jar files are not shipped with 6.1.5. Charting features are included automatically when you use the Dashboard feature set in a project.

For all charts except Dial charts, you can create custom charts with the IBM ILOG JViews Charts Designer.
To know the data format for each chat refer the icpr file i.e. Bar.icpr

Link for customizing chart using JView Charts Designer -
1) http://www-10.lotus.com/ldd/pfwiki.nsf/dx/WebSphere_Dashboard_Framework_Getting_to_know_the_new_charting_features_in_WDF_6.1.5
2) http://www-10.lotus.com/ldd/pfwiki.nsf/dx/WebSphere_Dashboard_Framework_Creating_a_custom_.CSS_chart_style

Retrieve a Page/Action With Ajax Request - Portlet Factory

This is specially needed when you want to open a popup window or want to show some data on triggered event without refreshing entire portal page.

You can have method builder with following code which return generated URL in string format :

JSPSupport.getActionURL(webAppAccess, webAppAccess.getBackchannelURLMapper(false), 

"keep_page:yourPageHere")

You can use this generated url with any link/href attribute.

Note :  
keep_page- last parameter is very important in portal context. 

keep_page specifies that portlet state wouldn't get change after the request is triggered.

Portal Version

To get the version of base installation :
1) Look inside WebSphere\PortalServer\wps.properties
2) or run WebSphere\PortalServer\bin\WPVersionInfo.sh

Check the fixes installed :
1) WPVersionInfo.sh -fixes
2) WPVersionInfo.sh -long

Delete WCM Library

Follow these links :
1) Cannot delete web content library from the Administration section in IBM Web Content Management (WCM) - http://www-01.ibm.com/support/docview.wss?uid=swg21293167

2) Library icons disabled or greyed out - http://www-01.ibm.com/support/docview.wss?uid=swg21384226

Library delete module to remove Web Content Management (WCM) libraries doesn't support from wcm6.1 onwards. - http://www-01.ibm.com/support/docview.wss?uid=swg21268739


Things to remember before deleting wcm library, make sure there is not ejbTimer running on specified library.

1) To find running ejbTimer : findEJBTimers.sh WebSphere_Portal -all -username wpsadmin -password <password>
2) Cancel ejbTimer task : cancelEJBTimers.sh WebSphere_Portal -timer <timerId>
3) Restart portal server

Marking portal pages as hidden

In WebSphere Portal, when creating a new page under content root, it will be shown on the quick links navigation.
If you do not want a page that you create to appear in the main menu, you can hide the page. You can use own customize links or navigation to access the page via direct URL mapping.

To hide the page, it can be done through WebSphere Portal XML configuration interface. You do this by setting the hidden flag for the page parameter for the content-node tag in XML. You can use the following XML snippet:

<request xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="PortalConfig_1.4.xsd" type="update" create-oids="true">
<portal action="locate">
<content-node action="update" uniquename="com.mypage" active ="true">
<parameter name="com.ibm.portal.Hidden" type="string" update="set"><![CDATA[true]]></parameter>
</content-node>
</portal>
</request>

How to enable remote debugging for a WebSphere Web application using RAD

Step 1:

To be able to debug an Enterprise Application you must enable the Debugging service for WebSphere Application server.

Ensure you set up an appropriate port that the development client is able to access.

Things to remember here :

1)       You must start server is debug mode either by selecting ‘Enable service at server startup’ or by using RAD

2)       Take a note of JVM Debug port

Step 2:

Using RAD (IBM Rapid Application Developer)

Switch to Debug Perspective

Open Debug configurations and Set-up remote debug details using appropriate port as set in the Application server's Debugging service.

Note: If you get this dialog, it is because the server is not started or you have a firewall issue or incorrect connection details.

Finally Set a break point on deployed web project.