- Every application in the Lotus Connections make use of J2EE security for managing user roles. For example if i open the web.xml file for the HomePage.war i can see that it defines few roles, this is how the Admin role is defined
<security-constraint>
<web-resource-collection>
<web-resource-name>
Secure Catalog Administration
</web-resource-name>
<url-pattern>
/admin/*
</url-pattern>
<http-method>
GET
</http-method>
<http-method>
POST
</http-method>
<http-method>
PUT
</http-method>
<http-method>
DELETE
</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>
admin
</role-name>
</auth-constraint>
</security-constraint>
If you look into the web.xml you will notice that it defines following roles- person
- everyone
- reader
- metrics-reader
- admin
- Login into WAS admin console to assign admin role to the user
- In the WAS Admin console go to Applications -< WebSphere Enterprise applications and you will see list of applications deployed on the server
Click on the HomePage link to view the details of HomePage enterprise applications like this
- CLick on Security roles to users/group mapping link to view the current mappings
In my case all other roles have some assignment but Admin role is not assigned to any one, so i did select the admin role and click on map users (Its better to map admin role to a group) - Search for the user that you want to assign to the admin role, in my case wasbind and save your changes and restart the Lotus Connections server
- After server is restarted login as the admin user and on the home page you should see Administration tab like this
- When you switch to Administration tab you will notice that your allowed to enable disable widgets, publish new widgets on this tab
Assigning administrator role to HomePage application in connections
I want to add custom widgets to my home page but for that i need to assign Administrative rights for HomePage application to one of the users, i followed these steps to assign admin rights
Changing connections configuration
The Connections configuration is stored in xml files. You can find all the configuration files in the config directory of your deployment manager
Even though you can change these files manually and start the server, its not recommended (I never tried changing the config files manually so not sure if the server would pick them up) because you can change the file to be invalid and which could prevent server from coming up.
But if you want to change anything in the connections configuration, you should first checkout the file to your local directory, modify the file and then check it in. I wanted to try this so i followed these steps
Even though you can change these files manually and start the server, its not recommended (I never tried changing the config files manually so not sure if the server would pick them up) because you can change the file to be invalid and which could prevent server from coming up.
But if you want to change anything in the connections configuration, you should first checkout the file to your local directory, modify the file and then check it in. I wanted to try this so i followed these steps
- First i went to the DMGR machine and i did execute this command to connect to DMGR using wsadmin command
wsadmin.bat -lang jython -username wasadmin -password wasadmin -port 8879
Important note: Make sure that your actually connecting to DMGR and the value of port is the SOAP port for DMGR, When i was trying this i mistakenly used the SOAP port of App server and when i tried checking out the config file i got this error
wsadmin>LCConfigService.checkOutConfig("c:/temp","wpconnectionsCell01")
Exception - com.ibm.ws.scripting.ScriptingException com.ibm.ws.scripting.Scripti
ngException: WASX7070E: The configuration service is not available.
wsadmin>exit - After connecting to DMGR, next step is to initialize the connection to lotus connection server for that we have to execute the connectionsConfig.py file which is located in the
E:\IBM\WebSphere\AppServer\profiles\Dmgr01\bindirectory, You can execute that file by executing following command on the wsadmin console
wsadmin>execfile("E:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin\connectionsConfig.py")
If you open this file on your machine you will notice that it defines set of admin functions to check out and check in config files,... The checkin function takes care of validation configuration,... - Next step is to checkout the configuration file to your local drive by executing following command
wsadmin>LCConfigService.checkOutConfig("c:/temp","wpconnectionsCell01")
This will checkout set of files into your c:/temp directory
- Once the file is checked out you can open it in text editor and make changes and once your done making changes save the file
- Next step is to check in the changes back into the server that you can do by executing following command
LCConfigService.checkInConfig() - After checking in your changes in deployment manager you can push them to nodes by executing
wsadmin>synchAllNodes() - Last step is to restart the server for changes to take effect
Static resource serving in connections
In the Customizing styles used in the Connections entry i blogged about how you can change the header color from black to red by making changes in the styles. But one problem is that i had to clear browser cache for my changes to take effect. Now this might be ok in development but you cannot ask end users to clear browser cache every time you change your static resources, so i wanted to figure out why the changes are not getting reflected right away.
If you look at the URL of the theme.css
- When i checked which file has the definition of lotusBanner class i noticed that it is defined in the
http://wpconnections.atech.com/activities/static/20101018.200549/nav/common/styles/defaultTheme/theme.cssand when i looked at the resource using the firebug i can see following caching headers
These two are the caching headers. The value of cache-control header is set to 315360000 milliseconds which is equal to 10 years. Also the Expires header is set to explicit date of 16 Apr 2021 16:57:21 GMT, which is equal to 10 years.
Expires Fri, 16 Apr 2021 16:57:21 GMT
Cache-Control public, max-age=315360000, s-maxage=315360000 - Then i checked the Firefox cache and i could see that the response of
http://wpconnections.atech.com/activities/static/20101018.200549/nav/common/styles/defaultTheme/theme.cssis cached for next 10 years and what that means is firefox is not even going to check if server has new version of the theme.css for next 10 years
Note: It seems that Connection follows the most important client side performance improvement guideline which is to cache the static resources for as long as possible, that must be the reason why connection is fast even though the pages are ritch.
If you look at the URL of the theme.css
http://wpconnections.atech.com/activities/static/20101018.200549/nav/common/styles/defaultTheme/theme.css you will notice that it has a time stamp. This time stamp comes from LotusConnections config file, there is a versionStamp element in the LotusConnections-config.xml file its value is used in creating URL to the theme.css. Take a look at the LotusConnections-config.xml file on my machine. If you want to force browser to download new resource you will have to change the value of versionStamp element which will change URL to the resource and as a result the browser will download new version of theme.css from server.
<languageSensitive enabled="false"/>
<ignorePunctuation enabled="false"/>
<transactionSetting>
<attribute key="Transaction_Max" value="20"/>
<attribute key="Queue_Max" value="10"/>
</transactionSetting>
<useRichTextEditorInBookmarklet enabled="false"/>
<dynamicHosts enabled="false">
<host href="admin_replace" ssl_href="admin_replace"/>
</dynamicHosts>
<resources>
</resources>
<versionStamp value="20101018.200549"/>
</config>
- Use the steps defined in Changing connections configuration for checking out the LotusConnections-config.xml file
- Then you can either change the value of the
versionStamp element manually or execute the following command to generate new value for the versionStamp element
LCConfigService.updateConfig("versionStamp","")
After executing the above command you can see the value of versionStamp element in LotusConnections-config.xml file is changed like this
<useRichTextEditorInBookmarklet enabled="false"/>
<dynamicHosts enabled="false">
<host href="admin_replace" ssl_href="admin_replace"/>
</dynamicHosts>
<resources>
</resources>
<versionStamp value="20110419.173153"/>
</config>
Next step is to check in your changes and synchronize them between nodes using the steps defined in Changing connections configuration
Restart the server and now try accessing the page you will notice that the page has red header and you dont have to clear the browser cache. If you look at the resource using firebug you will notice the URL of the theme.css is changed like this
Customizing styles used in the Connections
You might want to customize the connections UI by changing the CSS styles, For example by default the lotus banner is black but i wanted to see if i can change it to red. I followed these steps to make the change.
After saving my changes i did cleanup my browser cache and when i refreshed the page again i could see the banner being rendered in red like this.
- I used the firebug to figure out what CSS class has the color definition for the banner and i figure that the
lotusBannerdefines the background color for the header
.lotusBanner{
padding:0 10px;
background-color:#000000;
background-image:-moz-linear-gradient(top, #525252 0%,#000000 100%);
-webkit-gradient(linear, left top, left bottom, from(#525252), to(#000000));
}
I did search to find out which css file contains the definition for thelotusBannercss class and in case of Activities applicationE:\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\wpconnectionsCell01\Activities.ear\oawebui.war\nav\common\styles\defaultTheme\defaultTheme.cssfile defines the lotusBanner class - Then i did create a custom.css file under
E:\IBM\LotusConnections\data\shared\customization\common\nav\common\styles\defaultTheme, (in my case E:\IBM\LotusConnections\data\shared\customization is lotus shared data directory) and i copied thelotusBannerclass in it. - I made changes in the lotusBanner class to change value of background color from black to FireBrick red(B22222) so that my
lotusBannercss style class looks like this
.lotusBanner{
padding:0 10px;
background-color:#B22222;
background-image:-moz-linear-gradient(top, #525252 0%,#B22222 100%);
-webkit-gradient(linear, left top, left bottom, from(#525252), to(#B22222));
}
After saving my changes i did cleanup my browser cache and when i refreshed the page again i could see the banner being rendered in red like this.
Customizing Lotus Connection look and feel
One of the common requirements of Lotus Connection would be to customize the look and feel so that it confirms to the overall look and feel of the client. I wanted to figure out how to customize the default lotus connection look and feel by adding few lines of text in header(Basic idea was to figure out which .jsp file gets picked up) and i followed these steps. Please note that i used Customizing the user interface document for instructions on what steps to follow
Every feature in lotus connection is separate .ear file and you can either change look and feel for each feature or you can change look and feel for all the features. By default every feature .war file has nav directory that contains the look and feel information like this
The nav directory has set of jsp such as header, footer, login that decides how the header or footer should look like, you can directly change the .jsp file in the .war file ex.
In my case its value is
I did change the header.jsp to add this one line of text to it at the end
Then i went to connections page to see if the changes were effected and this is what i see
Then i copied the header.jsp to
After saving the changes i went to home page and this is what i see
Every feature in lotus connection is separate .ear file and you can either change look and feel for each feature or you can change look and feel for all the features. By default every feature .war file has nav directory that contains the look and feel information like this
The nav directory has set of jsp such as header, footer, login that decides how the header or footer should look like, you can directly change the .jsp file in the .war file ex.
WebSphere\AppServer\profiles\AppSrv01\installedApps\wpconnectionsCell01\Homepage.ear\homepage.war\nav\templates\header.jsp for changing the header of HomePage and the changes get reflected on the UI, but this approach wont work in the multi-node environment and also your changes could get overwritten when you apply fix pack to your server. Instead we are supposed to store our changes in the customization directory (It is shared directory that is used across the nodes). If you dont remember the shared directory path that you set during the installation then you can find it out using WAS Admin Console, its stored in CONNECTIONS_CUSTOMIZATION_PATH websphere environment variable path.
In my case its value is
E:\IBM\LotusConnections\data\shared\customization, when i went to that directory i can see one empty directory for each of the feature. In my case i want to change the header to add one line of text to header so i copied the E:\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\wpconnectionsCell01\Homepage.ear\homepage.war\nav\templates\header.jsp to the E:\IBM\LotusConnections\data\shared\customization\common\nav\templates directory like this
I did change the header.jsp to add this one line of text to it at the end
<h3>Sample text in homepage.ear\header.jsp</h3>
Then i went to connections page to see if the changes were effected and this is what i see
Then i copied the header.jsp to
E:\IBM\LotusConnections\data\shared\customization\homepage\nav\templates to see if i can have customized header at HomePage level, i change the line in it to
<h3>Sample Text in homepage\nav\templates\header.jsp</h3>
After saving the changes i went to home page and this is what i see
Installation log files for Lotus Connections
Installing Lotus Connections is multiple step process, you have to install different software and it generates logs in different places, so if something goes wrong you will have to open corresponding log file to figure out what went wrong and fix the problem
- WebSphere Application Server:When your installing WebSphere application server it will generate the install logs file in the
WebSphere\AppServer\logs\installdirectory
Take a look at Trouble shooting was installation for more information on how to trouble shoot was installation - WebSphere HTTP Server:When you install HTTP server the log files get created in the
E:\IBM\HTTPServer\logs\installdirectory
- Http Server plug-in installation:The logs for HTTP server plugin installations get created in the
E:\IBM\HTTPServer\Plugins\logs\installdirectory like this
- Database creation: Before you start the Lotus Connections install you will have to create Lotus Connections database using dbwizard.bat or dbwizard.sh, this step creates different databases and populates them by running set of SQL scripts. YOu can find the main log in
C:\Documents and Settings\lcuser\lcWizard\log\dbWizard
Each of the log files has detailed list of SQL commands that it is executing. Also the dbWizard lets you save the list of SQL files that it is going to execute, you should save it before starting dbWizard, you might want to manually re-execute the SQL if something fails, in my case it failed on last grantApps.ddl for forums so i executed it manually and it worked. - Migrating User population: After creating database first step is to import the user population from the LDAP server into database and for that we execute the populationWizard.bat, when you do that it generates log file files in
C:\Documents and Settings\lcuser\lcWizard\log\tdidirectory like this
- Lotus Connections install: The last step in Lotus Connections install is installing Lotus connection, which installs bunch of ear files and executes some wsadmin scripts, you can find the logs for install in
E:\IBM\LotusConnections\logsdirectory like this
Installing Lotus Connections
I am interested in learning Lotus Connections so i was trying to install it on in a VM on my laptop for last few days and finally i was able to install it yesterday, these are few things that i learned.
Once the connections server is started it is responsive
- Initially i thought i will install Lotus Connections 2.5 pilot and i ended up spending 2 days install it but i could not get it working after installation when i tried starting it i could see lots of exceptions being thrown
- Then i decided to install Lotus Connections 3.0 and since there is no concept of pilot in Lotus Connections 3.0, i had to install Lotus Connections 3.0 - Small deployment
- In order to install Lotus Connections 3.0, i had to install WAS with HTTP server and plug-in, DB2 database, Tivoli Directory integrator and Tivoli Directory server. I installed everything on one VM image except Tivoli directory server(I have a VM with LDAP on it that i use as user repository for my portal, WAS,...)
- In my first attempt my VM had 12 GB free disk space on VM but thats not sufficient, i could see that the DB2 directory growing to more than 5 GB during install, so i had to give up the VM at the end since install ran out of space
- In my last attempt which actually worked, i created a Windows XP SP 2 VM image with 3 GB RAM and 70 GB Hard disk(I can see the installed software + database takes 15-20 GB disk space) and now when i start the connections server it takes more than 2.5 GB RAM(on Windows XP you have limit of 3 GB)
- Other thing that i learned is you should follow the Install procedure as it is, normally i dont install HTTP server or Plugins in my development machine to save space and memory but when i try to start the server without HTTP server i get some weird error may be i will have to configure it to work without HTTP server
Once the connections server is started it is responsive
Universal Test client application
The Rational Application Developer has a IBM Universal Test client enterprise application which is web based application that you can use to test your EJB's or JPA beans or look at the JNDI tree in your server,.. Essentially it is set of tools to troubleshoot problems.
You can follow these steps to enable IBM Universal Test client.
You can follow these steps to enable IBM Universal Test client.
- Double click on your server name to open the server definition. On that page check "Enable universal test client " check box
- Once you save the server definition you will notice that the UTC application is getting deployed on your server, wait for couple of minutes to get it started
- Right click on the Server name and click on Universal test client > Run to access universal test client
- The RAD will open http://localhost:10039/UTC/ URL in the browser if you want you can directly access this page from outside the RAD
- RAD will prompt you to login use the was admin user and password and you should see next screen with JNDI Explorer, JPA explorer,.. use the section that you want to explore, in my case i went to JNDI explorer to see all the name bindings like this
Fine grained security in WAS
The WebSphere Application Server has concept of fine grained security, which means you can assign a user rights to individual resource instead of the full cell. For example you want to allow a dev team to update only there enterprise application, but you dont want them to modify any other applications or any other configuration, you can do that with fine grained security configuration.
I wanted to try this feature so i did create a
I wanted to try this feature so i did create a
HelloFineGrainedSecurityEAR application and i want to configure the security so that only users in devteam group will be able to deploy only HelloFineGrainedSecurityEAR application, i followed these steps- First i followed the instructions in the Assiginging administrative roles to user entry to assign monitor role to devteam group
- I went to Security -> Administrative Authorization Group screen in the WAS Admin Console
- I clicked on New to create a new Administrative Authorization Group like this
I did create HelloFineGrainedSecurityAdminGroup and i did select HelloFineGrainedSecurityEAR application because thats the only application that i want this group to modify - Then i clicked on Administrative Group roles link to assign a group deployer role to the
HelloFineGrainedSecurityAdminGroup
- Now when i log out and login using one of the group in the devteam, and i went to Manage application section and i can see that i do have access to update
HelloFineGrainedSecurityEARbut not any other application
Installing WAS 8 Beta on your machine
The WebSphere Application Server 8 is in Beta stage for some time now. One of the most important feature's in WAS 8 is that it supports JEE 6. I want to learn JEE 6 so i installed the WAS 8 Beta on my machine. I used these steps to install it
Now your WAS 8 is ready to use
- Go to the WAS 8 Beta Web Site and login using your IBM user id and password
- Download following CD's
- IBM WebSphere Application Server 8.0 Beta (Part 1 of 4)
- IBM WebSphere Application Server 8.0 Beta (Part 2 of 4)
- IBM WebSphere Application Server 8.0 Beta (Part 3 of 4)
- IBM WebSphere Application Server 8.0 Beta (Part 4 of 4)
- IBM Installation Manager for Windows on Intel
The first 4 CD's are same on all the platform's but the Installation Manager CD would depend on the platform which your using. I use a Windows 7 for trying WAS 8 so i had to install Windows on Intel Installation Manager - Once all the files are downloaded extract them in the same folder and you should get structure like this
- If you look into the extracted files you will notice there is no launchpad.exe to install the WAS and the downloaded files look like Eclipse Updation archive. The reason is that we will have to use the Installation Manger(Same product that we use for installing Rational products such as RAD). If you have RAD installed on your machine you can use the Installation Manager for the RAD to install WAS 8 Beta, thats what i am going to do. If you dont have RAD install the Installation Manager first
- Once you have Installation Manager installed on your machine, start it and then follow these steps
Click on Install
- Once the installation finished you should see a screen that will launch profile management tool for you, I want to use this server for development so i am selecting create application server profile for development
On the next screen it will ask you to set userId and password for the admin user(You can always skip this step but i like to enable admin security at the start so i will keep it
After that it will show you the profile properties like WAS Server HTTP and Admin Port you might want to keep screen print of this page or note down port numbers
Now your WAS 8 is ready to use
Subscribe to:
Comments (Atom)