Securing Web services at the message level

We are going to configure Web service message-level security of Java API for XML Web Services 2.1 (JAX-WS) running on WebSphere Application Server 7 using the Rational Application Developer 7.5/8.0 integrated development environment (IDE). To achieve that objective, we will perform the following tasks:

• How to create a JAX-WS service provider
• How to create a standalone JAX-WS client.
• How to monitor the SOAP messages using the TCP/IP Monitor.
• How to customize a WS-Security policy set in the WebSphere Application Server Administration Console.
• How to customize a policy set binding in the Administration Console.
• How to export policy sets and bindings from the Administration Console.
• How to generate X509 asymmetric keys and use them with your customized policy set bindings.
• How to import policy sets and bindings into the Rational Application Developer IDE.
• How to attach policy sets to Web service provider and servers using the Rational Application Developer IDE.
• How to create TestClient code using Web Services Security APIs
• How to use the UsernameToken (UNT) profile to add credentials to the SOAP header.
• How to use the UNT to authenticate against the WebSphere Application Server user repository.

 

ResourceServing Portlet JSR286

In general to implement serveResource you need to follow these steps :
 

1) Implement serveResource method in Portlet
 

2) Define the content Page - This content page is JSP that the serveResource() method forwards. Always create a separate content page for the output of the serveResource() method. A resource JSP is not mandatory because the output can be written directly on the response. The output of the serveResource() method can be HTML, XML, JSON, static resource and so on.
i.e.
public void serveResource(ResourceRequest request, ResourceResponse response) throws PortletException, IOException {
                String targetJsp="sample_resource.jsp";
                //Invoke business methods here
                //.......
                PortletRequestDispatcher rd=getPortetContext().getRequestDispatcher(targetJsp);
                rd.include(request,response);
}
Note : Don't use renderRequest and renderResponse object in resource.jsp instead use resourceRequest and resourceResponse if required

3) Generate the ResourceServing URL : The resource serving URL targets the serveResource() method
<div id="divToReplace">
                Content will be fetched dynamically
</div>

<form id="myForm" method="post" action="<portlet:resourceURL/>">
                <input type="submit" value="Get Data"/>
</form>
<script>
                var form=dojo.byId("myForm");
                dojo.connect(form,"onsubmit",function(event) {
                                //stop the submit event since we want to control form submission
                                event.preventDefault();
                                event.stopPropagation();

                                var xhrArgs={
                                                form: dojo.byId("myForm"),
                                                handleAs : "text",
                                                load : function(data) {
                                                                //callback function invoked when the response comes back successfully
                                                                dojo.byId("divToReplace").innerHTML=data;
                                                }
                                };
                                //perform AJAX call
                                dojo.xhrPost(xhrArgs);
                });
</script>

Portal v8 Modular Theme : Changing the Theme profile for a page

The default profile for the Portal8 theme is profiles/profile_deferred.json but you can override it at page level by setting the value of resourceaggregation.profile to different profile for example i can set it to profiles/profile_lightweight.json like this

Once you set that and access the page you will see that it does not have page action button any more.

Actually I was looking for this kind of user interface for selecting Theme Profile but with my Portalv8.0 installation without any fixpack this option is not coming for selection in Edit Page properties option

How to Install WebSphere Portal v8 ?

Portal v8 installation some general information:

General Information on IIM (IBM Installation Manager) :

• IBM Installation Manager replaces the ISMP installer and Portal Update Installer (PUI) and manages life cycle for WAS 8 and WP 8. IIM can install and uninstall core products, update or rollback fixpacks and fixes, modify and remove features
• IIM version 1.5.2 or higher required

General Information on WebSphere Portal 8 Installation:

• Portal 8 packaging comes from 3 sources: Live repository via Passport Advantage, physical DVD's, and electronic images.
• Can install WAS 32-bit on a 64-bit platform
• Windows XP and Windows 2003 are NOT supported with Portal 8

WebSphere Portal 8 installation steps

1.       Install using Live repository  or offline repository

In this scenario I used the offline mode and downloaded the sources from PA.

IBM_WS_P_AND_WCM_INSV8.0_1OF_7_MPML.zip

IBM_WS_P_AND_WCM_INSV8.0_2OF_7_MPML.zip

IBM_WS_P_AND_WCM_INSV8.0_3OF7_MPML.zip

IBM_WS_P_AND_WCM_INSV8.0_4OF7_MPML.zip

IBM_WS_P_AND_WCM_INSV8.0_5OF7_MPML.zip

IBM_WSA_SV_NW_DEP_V8.0.0.3_1OF3MPML.zip

IBM_WSA_SV_NW_DEP_V8.0.0.3_2OF3MPML.zip

IBM_WSA_SV_NW_DEP_V8.0.0.3_3OF3MPML.zip

2.       Install the IBM Installation Manager

Using IBM Installation Manager
I really like this idea and am hopeful that the implementation will live up to the promise it represents. You can point to a local downloaded repository, as is the case in this guide. Or, you could point to a live repository hosted by IBM. In addition to the simplified install process you gain better control over the WAS and Portal update procedures.

If you have an existing installation of the manager you should confirm that it is version 1.5.2 by launching the manager and selecting 'Help -> About' IBM Installation Manager.
If the version is not correct you may upgrade or uninstall and install from the source binaries.

Install the IIM(IBM Installation Manager) From <Root>\portal8\ IBM_WS_P_AND_WCM_INSV8.0_1OF_7_MPML\Setup\IIM\win32\Install.exe

3.       Configure the IBM Installation Manager

Once the installation manager has restarted you must configure it to reference the source repositories for the portal and the application server.

Locate the interface to add repositories by selecting File -> Preferences

In the preferences window you will see an Add Repository button. Click this. You will perform this operation for both the portal and the application server repository.

4.       Install IBM WebSphere Portal V 8.0

On the launch page of the installer click Install. Select the packages to install. Package selection is determined by the repositories configured for the installation manager.

Accept the license.

You will need to set an install path for the AppServer and PortalServer directory structures at this time.

Select features for installation. In this example we have maintained the default features

Select the profiles to install. In this scenario I selected Full profile , After profile selection you would see standard or advanced installation option . In advanced there is options to configure the hostname , nodename and cellname . you also have the option to change the portal context path from /wps to /prefered context path .

On the summary page confirm your choices and choose Install.

5.       Optional : After installation I wanted to update the Lates Java Fix for WAS ND . Start the IIM and select update , choose WAS ND 8.0.3 , Based on the live repository URL it shows all the available fixes , select the required Fixes and click Next and Install .

And thats it Portal 8 is installed and Updated to the latest Fix level

Federated repositories configuration

Step1 :
                Start Portal Server
                Login into Application Server - Integrated Solutions Console
                Go to - Security>Global Security
                Click on configure Note : Make Sure Federated Repository is selected

Step 2:
                On Federated repositories screen click "Add base entry to realm"
                On Repository reference screen click on "Add repository"
                Provide
                                Repository identifier : mytechuserbase
                                Directory type  : IBM Tivoli Directory Server

                                Primary host name  : localhost
                                Port : 389
                                Bind distinguished name : cn=root           Note : make sure this user exist in ldap and has rights to modify ldap entry
                                Bind password : root
                Clock on 'Ok' button

After that provide following info in current window
Distinguished name of a base entry that uniquely identifies this set of entries in the realm
dc=mytech,dc=com
Distinguished name of a base entry in this repository
dc=mytech,dc=com
Click on 'ok' button
Click on 'Save' link

Step3 :

Click on "Supported entity types" link and modify 'Group' and 'PersonAccount' values with
cn=groups,dc=mytech,dc=com and cn=users,dc=mytech,dc=com respectively

Step4 :

Restart the portal server to reflect the changes

Test the LDAP setup :

Login into Application Server - Integrated Solutions Console

Create the user/group and validate the same user/group details in LDAP server through ldap browser or IDSWebApp application.

Installation steps for Tivoli Directory Server Web Administration Tool -
1) Make sure Db2 and TDS instance is running
2) Start server1 profile
3) Deploy and start IDSWebApp.war
4) Open application IDSWebApp http://portal.mytech.com:10000/IDSWebApp/IDSjsp/Login.jsp. Default username and password superadmin/secret
5) Make cn=root as super user for domain (dc=mytech,dc=com)
6) Since we will be configuring Federated repository, we need to remove user's wpsadmin,wpsbind and group 'wpsadmins' from LDAP as these are already available in portal server.