Using Apache Abdera for working with Lotus Connections API

In the Connections API entry i blogged about how to make a REST call to the Connection server using simple Java based API, But in order to work with Connections we need two parts first is ability to make HTTP call and other is ability to parse the feed and get information from it.

The Apache Abdera project library provides infrastructure to help in both these infrastructure pieces. Both the part to make HTTP call and the part required for parsing and working with feed. I wanted to try this so i did create this HelloProfileAPI.java which is standalone Java application which makes a call to profile service and returns the result in ATOM format, once the results are returned it prints the content of feed entries on System.Out


package com.webspherenotes.connections;

import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.List;

import org.apache.abdera.Abdera;
import org.apache.abdera.model.Document;
import org.apache.abdera.model.Entry;
import org.apache.abdera.model.Feed;
import org.apache.abdera.parser.Parser;

public class HelloProfileAPI {

public static void main(String[] args) {
try {
URL url = new URL(
"http://wpconnections.atech.com/profiles/atom/search.do?name=was");

// Open the URL: throws exception if not found
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.connect();
InputStream inputStream = conn.getInputStream();
Abdera abdera = new Abdera();
Parser parser = abdera.getParser();
Document feed_doc = parser.parse(inputStream);
Feed feed = feed_doc.getRoot();
List entryList = feed.getEntries();
for (Entry e : entryList) {
System.out.println(e.getContent());
}
} catch (MalformedURLException e) {
e.printStackTrace(System.out);
} catch (IOException e) {
e.printStackTrace(System.out);
}
}
}


In this case i am making call to "http://wpconnections.atech.com/profiles/atom/search.do?name=was" and then parsing the feed and then i am printing content of feed entry to System.out. In my case there is only one user with name equal to was so it returns big chunk of HTML for that user like this


<span xmlns="http://www.w3.org/1999/xhtml" class="vcard"><div><img src="http://wpconnections.atech.com/profiles/photo.do?key=c3219b57-5e65-4c50-b00a-3e722315d035&lastMod=1302886728960" class="photo"></img></div><div><a class="fn url" href="http://wpconnections.atech.com/profiles/atom/profile.do?key=c3219b57-5e65-4c50-b00a-3e722315d035">was bind</a></div><div><a class="sound url" href="http://wpconnections.atech.com/profiles/audio.do?key=c3219b57-5e65-4c50-b00a-3e722315d035&lastMod=1302886728960">Pronunciation</a></div><div class="x-groupwareMail" style="display:none"></div><div class="org"><span class="organization-unit"></span></div><div class="role"></div><div class="title"></div><div class="x-office"><span class="x-building"></span><span class="x-floor"></span><span class="x-office-number"></span></div><div class="tel"><abbr class="type" title="work">Work:</abbr><span class="value"></span></div><div class="x-manager-uid" style="display:none"></div><div class="x-is-manager" style="display:none">N</div><div class="x-profile-key">c3219b57-5e65-4c50-b00a-3e722315d035</div><div class="uid">546b0260-6273-497e-acfa-1e898f3037d4</div><div class="x-profile-uid">wasbind</div><div class="x-lconn-userid">546b0260-6273-497e-acfa-1e898f3037d4</div><div class="rev" style="display:none">2011-04-15T16:58:48.960Z</div><div class="x-profile-type" style="display:none">default</div></span></>




I tried pasting the HTML in a simple test.html to see what is getting returned and i can see the markup for person card like this

Using Connection API

There could be situations when you would want to use the Connections API for interacting with Connections from outside the Web interface provided by Connection. Ex, you want to create a custom web application or portlet that will let you search for user in the Connection profile repository or want to pull users blog entries and display them outside, if thats the case you should use the REST API provided by Connections, basic idea is you make a HTTP call from your application to Connection, and it will return ATOM based response, you can then parse the feed,.. If you want to post data to connections you will have to create ATOM feed and send it to Connection using HTTP using either HTTP POST or PUT methods or you can delete a record by calling HTTP DELETE method.

I wanted to try this feature so i did create a simple standalone Java application which makes use of plain java to make a HTTP call with name of the user as argument to profiles feature in Connections and the Connections server will return list of all the users with matching name and i will print the output to Standard output



package com.webspherenotes.ssl;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;

public class HelloSSL {

public static void main(String[] args) {
try {
URL url =
new URL("http://wpconnections.atech.com/profiles/atom/search.do?name=was");

// Open the URL: throws exception if not found
HttpURLConnection conn =
(HttpURLConnection)url.openConnection();
conn.connect();
InputStream inputStream = conn.getInputStream();
BufferedReader reader =
new BufferedReader(new InputStreamReader(inputStream));
String line = null;
while((line = reader.readLine()) != null){
System.out.println(line);
}
} catch (MalformedURLException e) {
e.printStackTrace(System.out);
} catch (IOException e) {
e.printStackTrace(System.out);
}
}
}


In my case the profiles application is available at http://wpconnections.atech.com/profiles and i am calling the Search API with one parameter name=was, which is my search criteria. Similarly you can search for all the users from say Fremont city by passing city=fremont as argument.

Connection will return a search result in ATOM feed format, i am reading that response and printing it to System.out.Take a look at Lotus Connections API document for more information what API meets your requirement and what are the inputs and outputs of the API call.

Making HTTPS call from inside the WebSphere Application Server

In the Getting markup from HTTPS connection in Java program entry i talked about how to make a HTTPS call from standalone Java program, but what if you want to make a HTTPS call from a Servlet, or some code that is running inside J2EE container such as WebSphere Application server, In that case you will have to import the SSL certificate inside WAS.

I wanted to figure out the steps to make HTTPS call from inside WAS so i did create a DemoSSL servlet that takes URL that you want to access as input and makes request to that URL, once the request is successful it will write the response back to the output. Then i configured WAS so that i can make call to https://mail.atech.com, my employers email server but you can use some other https url if you want.

First i did create a DemoSSLServlet that looks like this



package com.webspherenotes.ssl;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
* Servlet implementation class DemoSSLServlet
*/
public class DemoSSLServlet extends HttpServlet {

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
}

/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
System.out.println("Entering DemoSSLServlet.doPost()");
String submitUrl = request.getParameter("url");
System.out.println("Value of URL " + submitUrl);
URL url = new URL(submitUrl);

// Open the URL: throws exception if not found
HttpURLConnection conn =
(HttpURLConnection)url.openConnection();
conn.connect();
InputStream inputStream = conn.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream));
String line = null;
while((line = reader.readLine()) != null){
response.getWriter().println(line);
}
System.out.println("Exiting DemoSSLServlet.doPost()");
}

}


In the DemoSSLServlet servlet, i did override the doPost() method and in this method i am making call to the supplied URL and printing response to the output. also had to create index.jsp to take URL as input from user


<%@ page language="java" contentType="text/html; %>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<form action="DemoSSLServlet" method="post">
<table>
<tr>
<td>URL</td>
<td><input type="text" name="url" /></td>
<td><input type="Submit" name="submit" /></td>
</tr>
</table>
</form>
</body>
</html>


Then i did install the DemoSSL.war file on my WAS server, i tried testing it with http://www.google.com and made sure that it works and it is able to return markup, But when i tried accessing the https://mail.atech.com URL i got following error



So next step was to configure the WAS trust store so that it would trust SSL certificate from https://mail.atech.com. Login into the WAS Admin console and go to Security -< SSL Certificate and Key Management page like this



Click on Key Stores and Certificates



Click on CellDefaultTrustStore




Click on Signer Certificates



Click on Retrieve from Port button to get a screen like this,



On this page enter the information related to the Host from which you want to import the SSL certificate



Click on Retrieve signer certificate button, at this point WAS will import the SSL certificate from host and display it like this





Now save the changes and when you try to hit the URL again it should work without throwing exception

Getting markup from HTTPS connection in Java program

One of the common requirements in J2EE is making a request to HTTP URL and getting response back. The JDK has support to make HTTP call and get response, you dont have to use any external library if you dont want to but (But most of us use Apache HTTP Client).

This sample code demonstrates how you can make a HTTP call to http://wpconnections1.atech.com/ and get and print response back to the console


package com.webspherenotes.ssl;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;

public class HelloSSL {
public static void main(String[] args) {
try {
URL url = new URL("http://wpconnections1.atech.com/");

// Open the URL: throws exception if not found
HttpURLConnection conn =
(HttpURLConnection)url.openConnection();
conn.connect();
InputStream inputStream = conn.getInputStream();
BufferedReader reader =
new BufferedReader(new InputStreamReader(inputStream));
String line = null;
while((line = reader.readLine()) != null){
System.out.println(line);
}
} catch (MalformedURLException e) {
e.printStackTrace(System.out);
} catch (IOException e) {
e.printStackTrace(System.out);
}
}
}



This program works but you might want to access the same URL on HTTPs instead of HTTP, This program will work if you try to access say https://encrypted.google.com. But, In development environment we use self-signed SSL certificate and your JVM would not trust the self-signed SSL certificate. So when you try to connect to http://wpconnections1.atech.com/ it will throw this exception


javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at com.webspherenotes.ssl.HelloSSL.main(HelloSSL.java:23)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 18 more


You will have to follow some additional steps to import the self signed SSL certificate in your JVM so that it trust it. There are multiple ways to do that but the one that i like is outlined here http://blogs.sun.com/andreas/entry/no_more_unable_to_find, first i had to download the InstallCert.java on my machine and package it into a .jar file then i executed


java -jar InstallCert.jar wpconnections1.atech.com


This will create a jssecacert file on your machine where you executed the InstallCert.jar. In my case i did execute the .jar in c:\temp so i did create a C:\Temp\jssecacert file in that directory. This file has the imported certificate for wpconnections1.atech.com

Then i went back to my program and i did execute it by adding following JVM argument -Djavax.net.ssl.trustStore="c:\temp\jssecacerts" like this


Now when i run the HelloSSL program i can see response being returned

Deploying custom widget on Connections Home Page

I wanted to learn how to add a custom iwidget to my HomePage in the Connections so i followed these steps


  • First i did create hellowidget.xml file that will display Hello lotus connections widget message in the view mode, this is how my hellowidget.xml file looks like


    <?xml version="1.0" encoding="UTF-8" ?>
    <iw:iwidget id="MyWidgets"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:iw="http://www.ibm.com/xmlns/prod/iWidget"
    supportedModes="view" mode="view" lang="en">
    <iw:content mode="view">
    <![CDATA[
    <div>Hello lotus connections widget</div>
    ]]>
    </iw:content>
    </iw:iwidget>

    You can find more information about the iwidget here

  • Before i could use the widget i need to make it available on http, there are few different options for doing that, you can copy it in web application and install that web application on your connections server or the simplest is to copy it to HTTP server, in my case i copied it to E:\IBM\HTTPServer\htdocs and then i did access it by going to http://wpconnections.atech.com/hellowidget.xml to make sure i can access the widget.xml like this


  • Then i logged into the Connections Home page as admin user and went to Administration tab



    On this page click on Add another widget button

  • On the next page enter values for the newly added widget such as title, URL of the widget.xml file,...etc


  • Save your changes and it will take you back to the Administration tab, by default the newly added widget appears in the Disabled Widgets column, so select the widget can click on Enable button


  • Once you enable the widget it gets displayed under the Enabled Widgets column like this


  • Now if you go to HomePage and click on the HomePage you can see the HelloConnections widget in the available widget list click on add button to add to the page




You will notice that the widget is added to page and the view mode markup is displayed like this

Assigning administrator role to HomePage application in connections

I want to add custom widgets to my home page but for that i need to assign Administrative rights for HomePage application to one of the users, i followed these steps to assign admin rights


  • Every application in the Lotus Connections make use of J2EE security for managing user roles. For example if i open the web.xml file for the HomePage.war i can see that it defines few roles, this is how the Admin role is defined

    <security-constraint>
    <web-resource-collection>
    <web-resource-name>
    Secure Catalog Administration
    </web-resource-name>
    <url-pattern>
    /admin/*
    </url-pattern>
    <http-method>
    GET
    </http-method>
    <http-method>
    POST
    </http-method>
    <http-method>
    PUT
    </http-method>
    <http-method>
    DELETE
    </http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>
    admin
    </role-name>
    </auth-constraint>
    </security-constraint>

    If you look into the web.xml you will notice that it defines following roles

    1. person

    2. everyone

    3. reader

    4. metrics-reader

    5. admin



  • Login into WAS admin console to assign admin role to the user

  • In the WAS Admin console go to Applications -< WebSphere Enterprise applications and you will see list of applications deployed on the server



  • Click on the HomePage link to view the details of HomePage enterprise applications like this


  • CLick on Security roles to users/group mapping link to view the current mappings


    In my case all other roles have some assignment but Admin role is not assigned to any one, so i did select the admin role and click on map users (Its better to map admin role to a group)

  • Search for the user that you want to assign to the admin role, in my case wasbind and save your changes and restart the Lotus Connections server


  • After server is restarted login as the admin user and on the home page you should see Administration tab like this


  • When you switch to Administration tab you will notice that your allowed to enable disable widgets, publish new widgets on this tab



Changing connections configuration

The Connections configuration is stored in xml files. You can find all the configuration files in the config directory of your deployment manager



Even though you can change these files manually and start the server, its not recommended (I never tried changing the config files manually so not sure if the server would pick them up) because you can change the file to be invalid and which could prevent server from coming up.

But if you want to change anything in the connections configuration, you should first checkout the file to your local directory, modify the file and then check it in. I wanted to try this so i followed these steps


  • First i went to the DMGR machine and i did execute this command to connect to DMGR using wsadmin command


    wsadmin.bat -lang jython -username wasadmin -password wasadmin -port 8879


    Important note: Make sure that your actually connecting to DMGR and the value of port is the SOAP port for DMGR, When i was trying this i mistakenly used the SOAP port of App server and when i tried checking out the config file i got this error

    wsadmin>LCConfigService.checkOutConfig("c:/temp","wpconnectionsCell01")
    Exception - com.ibm.ws.scripting.ScriptingException com.ibm.ws.scripting.Scripti
    ngException: WASX7070E: The configuration service is not available.
    wsadmin>exit


  • After connecting to DMGR, next step is to initialize the connection to lotus connection server for that we have to execute the connectionsConfig.py file which is located in the E:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin directory, You can execute that file by executing following command on the wsadmin console

    wsadmin>execfile("E:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin\connectionsConfig.py")

    If you open this file on your machine you will notice that it defines set of admin functions to check out and check in config files,... The checkin function takes care of validation configuration,...

  • Next step is to checkout the configuration file to your local drive by executing following command

    wsadmin>LCConfigService.checkOutConfig("c:/temp","wpconnectionsCell01")

    This will checkout set of files into your c:/temp directory


  • Once the file is checked out you can open it in text editor and make changes and once your done making changes save the file

  • Next step is to check in the changes back into the server that you can do by executing following command

    LCConfigService.checkInConfig()


  • After checking in your changes in deployment manager you can push them to nodes by executing

    wsadmin>synchAllNodes()


  • Last step is to restart the server for changes to take effect



Static resource serving in connections

In the Customizing styles used in the Connections entry i blogged about how you can change the header color from black to red by making changes in the styles. But one problem is that i had to clear browser cache for my changes to take effect. Now this might be ok in development but you cannot ask end users to clear browser cache every time you change your static resources, so i wanted to figure out why the changes are not getting reflected right away.


  • When i checked which file has the definition of lotusBanner class i noticed that it is defined in the http://wpconnections.atech.com/activities/static/20101018.200549/nav/common/styles/defaultTheme/theme.css and when i looked at the resource using the firebug i can see following caching headers



    These two are the caching headers. The value of cache-control header is set to 315360000 milliseconds which is equal to 10 years. Also the Expires header is set to explicit date of 16 Apr 2021 16:57:21 GMT, which is equal to 10 years.

    Expires Fri, 16 Apr 2021 16:57:21 GMT
    Cache-Control public, max-age=315360000, s-maxage=315360000


  • Then i checked the Firefox cache and i could see that the response of http://wpconnections.atech.com/activities/static/20101018.200549/nav/common/styles/defaultTheme/theme.css is cached for next 10 years and what that means is firefox is not even going to check if server has new version of the theme.css for next 10 years



    Note: It seems that Connection follows the most important client side performance improvement guideline which is to cache the static resources for as long as possible, that must be the reason why connection is fast even though the pages are ritch.



If you look at the URL of the theme.css http://wpconnections.atech.com/activities/static/20101018.200549/nav/common/styles/defaultTheme/theme.css you will notice that it has a time stamp. This time stamp comes from LotusConnections config file, there is a versionStamp element in the LotusConnections-config.xml file its value is used in creating URL to the theme.css. Take a look at the LotusConnections-config.xml file on my machine. If you want to force browser to download new resource you will have to change the value of versionStamp element which will change URL to the resource and as a result the browser will download new version of theme.css from server.


<languageSensitive enabled="false"/>
<ignorePunctuation enabled="false"/>
<transactionSetting>
<attribute key="Transaction_Max" value="20"/>
<attribute key="Queue_Max" value="10"/>
</transactionSetting>

<useRichTextEditorInBookmarklet enabled="false"/>

<dynamicHosts enabled="false">
<host href="admin_replace" ssl_href="admin_replace"/>
</dynamicHosts>

<resources>
</resources>

<versionStamp value="20101018.200549"/>

</config>



  • Use the steps defined in Changing connections configuration for checking out the LotusConnections-config.xml file

  • Then you can either change the value of the versionStamp element manually or execute the following command to generate new value for the versionStamp element

    LCConfigService.updateConfig("versionStamp","")


  • After executing the above command you can see the value of versionStamp element in LotusConnections-config.xml file is changed like this

    <useRichTextEditorInBookmarklet enabled="false"/>

    <dynamicHosts enabled="false">
    <host href="admin_replace" ssl_href="admin_replace"/>
    </dynamicHosts>

    <resources>
    </resources>

    <versionStamp value="20110419.173153"/>

    </config>


  • Next step is to check in your changes and synchronize them between nodes using the steps defined in Changing connections configuration

  • Restart the server and now try accessing the page you will notice that the page has red header and you dont have to clear the browser cache. If you look at the resource using firebug you will notice the URL of the theme.css is changed like this


Customizing styles used in the Connections

You might want to customize the connections UI by changing the CSS styles, For example by default the lotus banner is black but i wanted to see if i can change it to red. I followed these steps to make the change.


  • I used the firebug to figure out what CSS class has the color definition for the banner and i figure that the lotusBanner defines the background color for the header


    .lotusBanner{
    padding:0 10px;
    background-color:#000000;
    background-image:-moz-linear-gradient(top, #525252 0%,#000000 100%);
    -webkit-gradient(linear, left top, left bottom, from(#525252), to(#000000));
    }

    I did search to find out which css file contains the definition for the lotusBanner css class and in case of Activities application E:\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\wpconnectionsCell01\Activities.ear\oawebui.war\nav\common\styles\defaultTheme\defaultTheme.css file defines the lotusBanner class


  • Then i did create a custom.css file under E:\IBM\LotusConnections\data\shared\customization\common\nav\common\styles\defaultTheme, (in my case E:\IBM\LotusConnections\data\shared\customization is lotus shared data directory) and i copied the lotusBanner class in it.

  • I made changes in the lotusBanner class to change value of background color from black to FireBrick red(B22222) so that my lotusBanner css style class looks like this

    .lotusBanner{
    padding:0 10px;
    background-color:#B22222;
    background-image:-moz-linear-gradient(top, #525252 0%,#B22222 100%);
    -webkit-gradient(linear, left top, left bottom, from(#525252), to(#B22222));
    }



After saving my changes i did cleanup my browser cache and when i refreshed the page again i could see the banner being rendered in red like this.

Customizing Lotus Connection look and feel

One of the common requirements of Lotus Connection would be to customize the look and feel so that it confirms to the overall look and feel of the client. I wanted to figure out how to customize the default lotus connection look and feel by adding few lines of text in header(Basic idea was to figure out which .jsp file gets picked up) and i followed these steps. Please note that i used Customizing the user interface document for instructions on what steps to follow

Every feature in lotus connection is separate .ear file and you can either change look and feel for each feature or you can change look and feel for all the features. By default every feature .war file has nav directory that contains the look and feel information like this



The nav directory has set of jsp such as header, footer, login that decides how the header or footer should look like, you can directly change the .jsp file in the .war file ex. WebSphere\AppServer\profiles\AppSrv01\installedApps\wpconnectionsCell01\Homepage.ear\homepage.war\nav\templates\header.jsp for changing the header of HomePage and the changes get reflected on the UI, but this approach wont work in the multi-node environment and also your changes could get overwritten when you apply fix pack to your server. Instead we are supposed to store our changes in the customization directory (It is shared directory that is used across the nodes). If you dont remember the shared directory path that you set during the installation then you can find it out using WAS Admin Console, its stored in CONNECTIONS_CUSTOMIZATION_PATH websphere environment variable path.



In my case its value is E:\IBM\LotusConnections\data\shared\customization, when i went to that directory i can see one empty directory for each of the feature. In my case i want to change the header to add one line of text to header so i copied the E:\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\wpconnectionsCell01\Homepage.ear\homepage.war\nav\templates\header.jsp to the E:\IBM\LotusConnections\data\shared\customization\common\nav\templates directory like this



I did change the header.jsp to add this one line of text to it at the end

<h3>Sample text in homepage.ear\header.jsp</h3>


Then i went to connections page to see if the changes were effected and this is what i see




Then i copied the header.jsp to E:\IBM\LotusConnections\data\shared\customization\homepage\nav\templates to see if i can have customized header at HomePage level, i change the line in it to


<h3>Sample Text in homepage\nav\templates\header.jsp</h3>


After saving the changes i went to home page and this is what i see

Installation log files for Lotus Connections

Installing Lotus Connections is multiple step process, you have to install different software and it generates logs in different places, so if something goes wrong you will have to open corresponding log file to figure out what went wrong and fix the problem


  • WebSphere Application Server:When your installing WebSphere application server it will generate the install logs file in the WebSphere\AppServer\logs\install directory

    Take a look at Trouble shooting was installation for more information on how to trouble shoot was installation

  • WebSphere HTTP Server:When you install HTTP server the log files get created in the E:\IBM\HTTPServer\logs\install directory


  • Http Server plug-in installation:The logs for HTTP server plugin installations get created in the E:\IBM\HTTPServer\Plugins\logs\install directory like this


  • Database creation: Before you start the Lotus Connections install you will have to create Lotus Connections database using dbwizard.bat or dbwizard.sh, this step creates different databases and populates them by running set of SQL scripts. YOu can find the main log in C:\Documents and Settings\lcuser\lcWizard\log\dbWizard


    Each of the log files has detailed list of SQL commands that it is executing. Also the dbWizard lets you save the list of SQL files that it is going to execute, you should save it before starting dbWizard, you might want to manually re-execute the SQL if something fails, in my case it failed on last grantApps.ddl for forums so i executed it manually and it worked.

  • Migrating User population: After creating database first step is to import the user population from the LDAP server into database and for that we execute the populationWizard.bat, when you do that it generates log file files in C:\Documents and Settings\lcuser\lcWizard\log\tdi directory like this


  • Lotus Connections install: The last step in Lotus Connections install is installing Lotus connection, which installs bunch of ear files and executes some wsadmin scripts, you can find the logs for install in E:\IBM\LotusConnections\logs directory like this



Installing Lotus Connections

I am interested in learning Lotus Connections so i was trying to install it on in a VM on my laptop for last few days and finally i was able to install it yesterday, these are few things that i learned.


  • Initially i thought i will install Lotus Connections 2.5 pilot and i ended up spending 2 days install it but i could not get it working after installation when i tried starting it i could see lots of exceptions being thrown

  • Then i decided to install Lotus Connections 3.0 and since there is no concept of pilot in Lotus Connections 3.0, i had to install Lotus Connections 3.0 - Small deployment

  • In order to install Lotus Connections 3.0, i had to install WAS with HTTP server and plug-in, DB2 database, Tivoli Directory integrator and Tivoli Directory server. I installed everything on one VM image except Tivoli directory server(I have a VM with LDAP on it that i use as user repository for my portal, WAS,...)

  • In my first attempt my VM had 12 GB free disk space on VM but thats not sufficient, i could see that the DB2 directory growing to more than 5 GB during install, so i had to give up the VM at the end since install ran out of space

  • In my last attempt which actually worked, i created a Windows XP SP 2 VM image with 3 GB RAM and 70 GB Hard disk(I can see the installed software + database takes 15-20 GB disk space) and now when i start the connections server it takes more than 2.5 GB RAM(on Windows XP you have limit of 3 GB)

  • Other thing that i learned is you should follow the Install procedure as it is, normally i dont install HTTP server or Plugins in my development machine to save space and memory but when i try to start the server without HTTP server i get some weird error may be i will have to configure it to work without HTTP server



Once the connections server is started it is responsive

Universal Test client application

The Rational Application Developer has a IBM Universal Test client enterprise application which is web based application that you can use to test your EJB's or JPA beans or look at the JNDI tree in your server,.. Essentially it is set of tools to troubleshoot problems.

You can follow these steps to enable IBM Universal Test client.


  1. Double click on your server name to open the server definition. On that page check "Enable universal test client " check box


  2. Once you save the server definition you will notice that the UTC application is getting deployed on your server, wait for couple of minutes to get it started

  3. Right click on the Server name and click on Universal test client > Run to access universal test client


  4. The RAD will open http://localhost:10039/UTC/ URL in the browser if you want you can directly access this page from outside the RAD


  5. RAD will prompt you to login use the was admin user and password and you should see next screen with JNDI Explorer, JPA explorer,.. use the section that you want to explore, in my case i went to JNDI explorer to see all the name bindings like this



Fine grained security in WAS

The WebSphere Application Server has concept of fine grained security, which means you can assign a user rights to individual resource instead of the full cell. For example you want to allow a dev team to update only there enterprise application, but you dont want them to modify any other applications or any other configuration, you can do that with fine grained security configuration.

I wanted to try this feature so i did create a HelloFineGrainedSecurityEAR application and i want to configure the security so that only users in devteam group will be able to deploy only HelloFineGrainedSecurityEAR application, i followed these steps

  • First i followed the instructions in the Assiginging administrative roles to user entry to assign monitor role to devteam group

  • I went to Security -> Administrative Authorization Group screen in the WAS Admin Console


  • I clicked on New to create a new Administrative Authorization Group like this

    I did create HelloFineGrainedSecurityAdminGroup and i did select HelloFineGrainedSecurityEAR application because thats the only application that i want this group to modify

  • Then i clicked on Administrative Group roles link to assign a group deployer role to the HelloFineGrainedSecurityAdminGroup




  • Now when i log out and login using one of the group in the devteam, and i went to Manage application section and i can see that i do have access to update HelloFineGrainedSecurityEAR but not any other application