Book review IBM Websphere Portal 8: Web Experience Factory and the Cloud
It seems that IBM is investing a lot in IBM Web Experience factory in last few years. I wanted to learn about WEF but the problem is i was not able to find any suitable documentation or something that will let me learn about WEF in step by step manner. Then before few days Packt publishing contacted me to review the IBM Websphere Portal 8: Web Experience Factory and the Cloud book. This book has lot of information about the architecture, analysis and design, release management in the first part. The part that i was most interested in was from chapter 7 to chapter 15 which covers the websphere experience factory development. I went through these chapters and really enjoyed reading them. I want to thank Packtpub for coming up with a book that helped me learn about WebSphere experience factory
Securing REST service created using WEF
In the Exposing REST + JSON endpoint using WEF i blogged about how to create a REST + JSON endpoint using WEF, but problem with that service is it is not protected. Anyone can call that service if you know the URL. So i wanted to protect the service and once the service is protected i can get the logged in user's information in the service.
I followed these steps to secure the service
Open the
After saving your changes deploy them on server
Once your application is deployed you will have to map the roles using WAS Admin Console before it actually get secured, so login into the WAS admin console and find the application that you want to secure and go to its Security Role to user/group mapping page and map
After saving your changes restart the application.
Now if you take the service URL and paste it in new browser window, it will redirect you to login page like this
Login on this page, In my case only user i have is
- First i changed the HelloWorldService.sayHello() method so that instead of asking user for name it reads the current logged in users name and returns it in
Hello name
formatpackage com.webspherenotes.wef; import com.bowstreet.webapp.WebAppAccess; public class HelloWorldService { public String sayHello(WebAppAccess webAppAccess){ System.out.println("Entering HelloWorldService.sayHello()"); String userId = webAppAccess.getUserInfo().getUserID(); System.out.println("Value of userId " + userId); return "Hello " + userId; } }
- If you look at the web.xml file of your WEF project you will notice that it has 3 servlets, out of that
WebEngineServlet
is the one that is used to expose REST service, In order to protect the REST service, you will want to protect the
WebEngineServlet
, if you look into web.xml file generated by web.xml it has 4 security constraints in it, you can use one of them to protect the WebEngineServlet. This is how the out of box SecurityConstraint_4
looks like
<security-constraint id="SecurityConstraint_4">
<web-resource-collection id="WebResourceCollection_4">
<web-resource-name>ProtectedSampleModels</web-resource-name>
<url-pattern>/webengine/factory/samples/protectedSamples/*</url-pattern>
</web-resource-collection>
<auth-constraint id="AuthConstraint_4">
<description>Roles allowed to execute sample protected models under
factory/samples/protectedSamples</description>
<role-name>IBMAdministrators</role-name>
<role-name>AllAuthenticatedUsers</role-name>
</auth-constraint>
</security-constraint>
I want to change it so that it protects /webengine/*
URL instead of only protectedSamples
, but if i make chanes in web.xml directly they will get overwritten during regeneration. Instead if you want to make any changes that would be included in generated web.xml you should make those changes in \WebContent\WEB-INF\bin\deployment\standalone.web.xml
file
\WebContent\WEB-INF\bin\deployment\standalone.web.xml
file, and change SecurityConstraint_4
look like this
<security-constraint id="SecurityConstraint_4">
<web-resource-collection id="WebResourceCollection_4">
<web-resource-name>ProtectedSampleModels</web-resource-name>
<url-pattern>/webengine/*</url-pattern>
</web-resource-collection>
<auth-constraint id="AuthConstraint_4">
<description>Roles allowed to execute sample protected models under
factory/samples/protectedSamples</description>
<role-name>IBMAdministrators</role-name>
<role-name>AllAuthenticatedUsers</role-name>
</auth-constraint>
</security-constraint>
AllAuthenticatedUser
to All Authenticated in Applications's Realm
group like this
wpsadmin
so use it to login and then you can get the service page like this
Exposing REST + JSON endpoint using WEF
I wanted to figure out how to create a REST + JSON end point using WEF. So i decided to create a simple Java class that has
sayHello(name)
method, this method takes name as input and when you invoke it it returns Hello name
as output
These are the steps that i followed
-
I did create a HelloWorldService.java class like this
package com.webspherenotes.wef; public class HelloWorldService { public String sayHello(String name){ System.out.println("Inside HelloWorldService.sayHello() Name = " + name); return "Hello " + name; } }
- Next i did create one empty model and i did name it HelloWorldServiceProvider.model
- THen in the HelloWorldServiceProvider.model i did add one Linked Java Object that points to HelloWorldService class like this
- Define HelloWorldService using Service Definition builder like this
- Now define
sayHello()
operation in the HelloWorldService using Service Operation builder like this - With this we have a Service Provider model, Now we need to consumer it and expose it as REST Service, For that create another empty model called HelloWorldRESTService.model
- Add Service Consumer builder in the HelloWorldServiceConsumer.model like this
- Add a REST Service Enable builder in this model and expose it as JSON like this
- Now your application is ready so publish it on server
Using portletHelper linked java object
The Web Experience factory tries to hide the portlet request phases from you. But some time you might be interested in knowing what phase your Linked Java object method is getting executed, If that's the case you should use
portletHelper
Linked Java Object.
So as soon as you add a Portlet Adapter builder to your model, the WPF will add portletHelper
Linked Java Object to that model like this
In your Linked Java Object you can call methods of portletHelper
LJO like this
public class PortletHelperDemoLJO {
public String sayHello(WebAppAccess webAppAccess){
System.out.println("Inside PortletHelperDemo.sayHello() ");
System.out.println("portletHelper.isPortletActionRequest -> " +webAppAccess.processAction("portletHelper.isPortletActionRequest"));
System.out.println("portletHelper.isPortletRenderRequest -> " +webAppAccess.processAction("portletHelper.isPortletRenderRequest"));
return "Hello from PortletHelperDemoLJO.sayHello() " + webAppAccess.getCurrentPage();
}
}
If you want you can call this from action list like this