Monday, January 31, 2011

Custom TAI Interceptor for WAS 6.1.x and upwards

package com.pankaj.test;

import java.util.Properties;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;

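public class PortalCustomTAI implements TrustAssociationInterceptor {

    /**
     * Stand-in user id used while no real trust-validation logic exists.
     * A TAI that asserts a fixed identity logs in every request it claims as
     * that user with no credential check, so the placeholder is kept in one
     * named constant to make it obvious and easy to remove. Real validation
     * belongs in {@link #resolveUserId(HttpServletRequest)}.
     */
    private static final String PLACEHOLDER_USER_ID = "testUser";

    /** Releases resources held by the interceptor; nothing is held yet. */
    public void cleanup() {
        // TODO ... Perform any cleanup here.
    }

    /** @return a descriptive type string for this interceptor */
    public String getType() {
        return "Custom TAI ... " + this.getClass().getName();
    }

    /** @return the interceptor version string */
    public String getVersion() {
        return "1.0";
    }

    /**
     * Initializes the interceptor with the custom properties configured for it.
     *
     * @param prop interceptor properties from the configuration (not read yet)
     * @return 0 to indicate successful initialization
     * @throws WebTrustAssociationFailedException never in this skeleton
     */
    public int initialize(Properties prop) throws WebTrustAssociationFailedException {
        System.out.println("Portal Custom TAI Initialized ... ");
        // TODO Perform any initialization operations here.
        return 0;
    }

    /**
     * Decides whether this interceptor should handle the given request.
     * Currently always answers {@code false}; the real check goes where the
     * TODO comment sits.
     *
     * @param req the incoming request
     * @return {@code true} if this TAI should process the request
     * @throws WebTrustAssociationException never in this skeleton
     */
    public boolean isTargetInterceptor(HttpServletRequest req) throws WebTrustAssociationException {
        // The requested session id is deliberately not logged: session
        // identifiers are credential-equivalent and do not belong in SystemOut.
        System.out.println("Portal Custom TAI isTargetInterceptor ... ");
        boolean isTAIHandlingRequired = false;
        // isTAIHandlingRequired = .... ; // Perform the appropriate operation here to check if this is the right TAI to invoke.
        System.out.println("Portal Custom TAI isTargetInterceptor ... : " + isTAIHandlingRequired);
        return isTAIHandlingRequired;
    }

    /**
     * Validates the trust relationship and, when it holds, tells the container
     * which user to log in without a password.
     *
     * @param req the incoming request
     * @param res the response (unused here)
     * @return a {@link TAIResult} with {@code SC_OK} and the established user id
     * @throws WebTrustAssociationFailedException when no user id can be
     *         established; the previous skeleton returned {@code null} in that
     *         case, which is not a meaningful result for the caller, so this
     *         implementation fails closed instead
     */
    public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest req, HttpServletResponse res)
            throws WebTrustAssociationFailedException {
        System.out.println("1. Portal Custom TAI negotiateValidateandEstablishTrust ... ");
        String userId = resolveUserId(req);
        if (userId == null || userId.trim().length() == 0) {
            // Fail closed rather than hand the container a null result.
            throw new WebTrustAssociationFailedException("Portal Custom TAI: no user id could be established");
        }
        System.out.println("2. Portal Custom TAI negotiateValidateandEstablishTrust userId: " + userId);
        return TAIResult.create(HttpServletResponse.SC_OK, userId);
    }

    /**
     * Extracts and validates the identity asserted by the request.
     * Currently returns the placeholder only; a real implementation must verify
     * the incoming assertion before returning an id, and return {@code null}
     * when it cannot.
     *
     * @param req the incoming request
     * @return the validated user id, or {@code null} if none could be established
     */
    private String resolveUserId(HttpServletRequest req) {
        // TODO Replace with real extraction and validation of the asserted identity.
        return PLACEHOLDER_USER_ID;
    }

}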

Reuse the old session ID in WAS 6.1.x

Navigate to the following:

Application servers > WebSphere_Portal > Process Definition > Java Virtual Machine > Custom Properties

Add a "New" custom property

Name: HttpSessionIdReuse
Value: true
Description: Instructs the JVM to keep the same session ID when a user's session changes from unauthenticated to authenticated. Note that carrying the pre-login session ID across authentication is exactly the condition session fixation relies on, so enable this only where the login flow guarantees that ID was issued by the server rather than supplied by the client.

Enable anonymous session in WAS 6.1.x

Navigate to the following:

Resource environment providers > WP NavigatorService > Custom properties

Add a "New" custom property:

Name: public.session
Value: true
Description: Enables anonymous (unauthenticated) user sessions.

Saturday, October 30, 2010

How to add a new base entry to VMM DB?

VMM Database insert statement:

insert into dbentity (entity_id, entity_type, unique_id, unique_name, unique_name_key) values (-3000, 'OrgContainer', 'a9e5a980-3cec-11da-a833-828d43500d21', 'o=testOrg2', 'o=testOrg2');


wimconfig.xml file changes:

<config:repositories xsi:type="config:DatabaseRepositoryType" adapterClassName="com.ibm.ws.wim.adapter.db.DBAdapter"
id="DB2MemberRepos" isExtIdUnique="true" supportExternalName="false" supportPaging="false"
.......
.......
entityRetrievalLimit="50" JDBCDriverClass="com.ibm.db2.jcc.DB2Driver" saltLength="12">
<config:baseEntries name="o=testOrg1" nameInRepository="o=testOrg1"/>
<config:baseEntries name="o=testOrg2" nameInRepository="o=testOrg2"/>
</config:repositories>


<config:realms delimiter="/" name="defaultWIMFileBasedRealm" securityUse="active"
allowOperationIfReposDown="false">
<config:participatingBaseEntries name="o=defaultWIMFileBasedRealm"/>
<config:participatingBaseEntries name="o=testOrg"/>
<config:participatingBaseEntries name="o=testOrg1"/>
<config:participatingBaseEntries name="o=testOrg2"/>
<config:defaultParents entityTypeName="OrgContainer" parentUniqueName="o=testOrg"/>
<config:defaultParents entityTypeName="PersonAccount" parentUniqueName="o=testOrg"/>
<config:defaultParents entityTypeName="Group" parentUniqueName="o=testOrg"/>
<config:uniqueUserIdMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>
<config:userSecurityNameMapping propertyForInput="principalName" propertyForOutput="principalName"/>
<config:userDisplayNameMapping propertyForInput="principalName" propertyForOutput="principalName"/>
<config:uniqueGroupIdMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>
<config:groupSecurityNameMapping propertyForInput="cn" propertyForOutput="cn"/>
<config:groupDisplayNameMapping propertyForInput="cn" propertyForOutput="cn"/>
</config:realms>

<config:realms delimiter="/" name="dbdir.testOrg" securityUse="active" allowOperationIfReposDown="true">
<config:participatingBaseEntries name="o=defaultWIMFileBasedRealm"/>
<config:participatingBaseEntries name="o=testOrg"/>
<config:participatingBaseEntries name="o=testOrg1"/>
<config:participatingBaseEntries name="o=testOrg2"/>
<config:defaultParents entityTypeName="OrgContainer" parentUniqueName="o=testOrg2"/>
<config:defaultParents entityTypeName="PersonAccount" parentUniqueName="o=testOrg2"/>
<config:defaultParents entityTypeName="Group" parentUniqueName="o=testOrg2"/>
<config:uniqueUserIdMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>
<config:userSecurityNameMapping propertyForInput="principalName" propertyForOutput="externalName"/>
<config:userDisplayNameMapping propertyForInput="principalName" propertyForOutput="principalName"/>
<config:uniqueGroupIdMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>
<config:groupSecurityNameMapping propertyForInput="cn" propertyForOutput="externalName"/>
<config:groupDisplayNameMapping propertyForInput="cn" propertyForOutput="cn"/>
</config:realms>

Friday, October 29, 2010

SECJ0369E: Authentication failed when using LTPA. The exception is

Check that the following matches your repository configuration:

<config:supportedEntityTypes defaultParent="o=testOrg" name="PersonAccount">
<config:rdnProperties>uid</config:rdnProperties>

Verify that defaultParent and config:rdnProperties have the correct values.

Try cleaning up the temporary folders:
wp_profile\temp
wp_profile\wstemp
wp_profile\tranlog

If the configuration appears correct, this may resolve the issue.

Thursday, April 1, 2010

New Features of WebSphere Application Server V 7.0

New features and enhancements in WebSphere Application Server V 7.0

Common
•    Built on top of Java Platform Enterprise Edition (Java EE) 5.0 and Java Standard Edition (Java SE) 6.0
•    Provides EJB 3.0
•    Provides Java Persistence API (JPA) 1.0
•    Easier administration and movement of applications from one environment to another.
•    Better performance than previous versions
•    The EJB 3.0 API is simpler to code against and performs better than previous versions.
•    Resource efficient features, faster run-time, and new high-performance Web Service Engine
•    LTPA Token V2.0 support for SSO

Administration
•    Easy administration with Job Manager – remotely manage different environments with Job Manager including standalone servers and clustered environments from one central location across dispersed geographical locations.
•    Administer multiple stand-alone nodes using Administrative agent – Single interface to administer multiple application servers, thereby reducing the overhead of running administrative services in every application server.
•    Provides support for portable properties files which can be deployed across multiple environments with portable resource identifiers. Improves administration and movement of applications across different environments like dev, test, uat, prod, etc.
•    Configure client reroute for applications using DB2 database – Specify alternate DB2 database server in case primary server fails to reroute the client requests to provide high availability.
•    Authentication alias can be defined for each server. Server level authentication aliases will not be visible / accessible to other servers in the environment.
•    Multiple mail providers and sessions supported. Different versions of the mail provider can coexist within the same JVM to provide better control and segregation for different applications.
•    Business-level application is a new way of grouping applications together. This is in addition to servers, clusters, cells, EARs, WARs, etc. This way multiple EARs/WARs/JARs can be grouped together into one logical unit and managed as one, for example started or stopped with a single command.
•    Support of trusted context for DB2 databases to provide fine grained access control.

Security
•    Support for Security Domains – Multiple security domains can be configured. Different applications/servers/clusters can be assigned to different security domains to achieve fine-grained control over authentication/authorization. Local configuration defined for an application/server/cluster overrides the global configuration. The following can be configured at the local level:
o    Application Security
o    Java 2 Security
o    User Realm (user registry)
o    Trust Association (TAI)
o    JAAS Login Module (Application, System and J2C Authentication Data)
o    Authentication mechanism attributes
o    Simple and Protected GSS-API Negotiation (SPNEGO) Web Authentication
o    Authorization provider
o    Other attributes
o    Custom properties
•    SPNEGO Web Authentication is now supported with enhanced features, including dynamic reload of the SPNEGO module without the need for a server restart.

Development
•    Better transaction execution isolation with the provision to specify “commit priority” of the resources contained in a transaction.
•    Client reroute for applications that use DB2 databases
•    Better handling of data access exceptions with custom error mapping in DataStoreHelper

Saturday, March 13, 2010

Web 2.0 Theme – Navigation Issue – Links do not work after navigating back and forth on a page

The WebSphere Portal Web 2.0 theme caches navigated links. To work around this, comment out the following code in the head_extras.jspf file:

function bootstrap() {
        var currentState = null;
        var prevUrl = com.ibm.portal.aggregation.backbutton.BACK_BUTTON_HANDLER.loadUrlFrag();
        var currentUrl = top.location.href;

        //if(prevUrl == currentUrl) {
//        alert('prevUrl == currentUrl');   
//        currentState = com.ibm.portal.aggregation.backbutton.BACK_BUTTON_HANDLER.loadState();
//            if ( currentState ) {
//                ibm.portal.debug.text( "Loaded state from back button handler: " + dojox.data.dom.innerXML( currentState ) );
//            }      
  //      }
        //Set flag to indicate CSA mode is active.
        document.isCSA = true;

 

This should resolve the issue of non-navigating links.
