Best practices for Java and IBM WebSphere Application Server (WAS) on IBM POWER9

This article discusses some of the best practices to achieve best
performance from applications running in the Liberty profile of the IBM
WebSphere Application Server (WAS) on the IBM Power System S9xx and L922
systems recently made available from IBM

Related:

7022210: Installing the Reflection for the Web or Reflection Security Gateway Portlet on a WebSphere Portal Server

Before You Begin

Before installing the Reflection for the Web or Reflection Security Gateway (hereinafter called Reflection) portlet, you must have the following installed and configured.

  • WebSphere Portal Server 5.x or higher
  • Reflection must be running on an application server with sessions configured for your users. The following technical notes provide examples of installing Reflection on an application server: Technical Note 1779 and Technical Note 2332.

Obtaining the RWebPA.war File

Prior to installing the portlet, you must obtain the RWebPA.war file, which you will use to install the Reflection portlet.

  • If you have WebSphere Application Server installed, the RWebPA.war file is located in %WASHOME%installedAppsRWebWASAS6Node01Cellrweb_war.earrweb.warWEB-INFmisc.
  • If you do not have WebSphere Application Server installed, you can extract the RWebPA.war file from the rweb.war file located in the nonautomated directory of the downloaded product files (or on the Reflection CD). Use an archiving utility, such as WinZip, to extract the .war file.

Installing Reflection Portlet on the WebSphere Portal Server

With Reflection installed and configured on your application server, you are ready to install the Reflection portlet to the WebSphere Portal Server.

  1. Copy the RWebPA.war file to a temporary directory on the WebSphere Portal Server.
  2. Open a browser and log in to the portal with an account that has administrative rights.
  3. Click the Administration option in the upper-right corner of the screen.
  4. Click Portlet Management on the left pane to open the Manage Web Modules page.
  5. Click Install and enter the path, including the filename RWebPA.war, or browse to the RWebPA.war file (for example, C:tempRWebPA.war or /u/local/RWebPA.war).
  6. Click Next, and then click Finish.
  7. Under Portlet Management, click Portlets. From the list of portlets, select “RWeb portlet.”

There are multiple pages listing the portlets. You can use the Search tool to locate the RWeb portlet; select “Title starts with” or “Title contains” from the Searchby drop-down list, and enter rweb in the Search field. If RWeb portlet is not listed, you may have to logout and log back into the portal server for the portlet to be listed.

  1. On the right side of the Portlet row, click the Configure icon to setup the portlet.
2348_0.gif
  1. Two parameters are listed for the RWeb portlet. Make a note of the parameters and values listed; they will be used later.
  2. To provide the correct URL for the portlet, you must delete the parameter RWebURL, and then add it back:
    1. Delete RWebURL.
    2. Under New parameter, enter RWebURL. (This parameter is case sensitive).
  3. Under New value, enter the URL exactly as it was displayed in the example (for example, http://myserver:9080/rweb/LoginPage.do?appletOnly=true), but update the localhost name and port with the DNS name (or IP address) and port of the Reflection for the Web server.

To launch a session automatically when the user opens the portal page, enter that specific session’s URL (which can be copied from the Session Manager on the Administrative WebStation) as the RWebURL value.

  1. Click Add, and then click OK.

You can now add the Reflection portlet to any of the WebSphere portal pages.

Configuring the Shared Secret between the Portlet and the Reflection Server

The RWebPA.properties file contains the shared secret that the portlet uses to authenticate to the Reflection server. The shared secret needs to match what is configured on the Reflection server.

  1. Create a text file named RWebPA.properties at the location defined in the value of AC.RWebSSOSharedKeyPropsFile; see step 9 in Installing Reflection Portlet on the WebSphere Portal Server.
  2. In the RWebPA.properties file add the following line:
AC.RWebSSOSharedKey=sharedsecret

Replace sharedsecret (case sensitive) with the value you want to use to authenticate the portlet to the Reflection for the Web server.

  1. Save the file.
  2. Launch the Reflection Administrative WebStation.
  3. Under Tools, click Access Control Setup > Configure.
  4. Under “Choose authentication method,” click Portal, and then click Next.
  5. Enter the shared secret (case sensitive) that was added to the RwebPA.properties in step 2, and then click Next.
  6. Select the authorization method that best meets your needs and click Next.
  7. Click Save Settings.
  8. Click Access Mapper and assign the sessions you would like users to see.

Configuring the WebSphere Application Server

If you run Reflection on a WebSphere Application Server (WAS), then you must enable “URL rewriting” on the WAS server.

If you run Reflection on another application server (not WAS), skip this section and proceed to Adding the Portlet to the WebSphere Portal (An Example).

Note: At this time, you can enable “URL rewriting” on the WAS at the server level only, not at the application level.

  1. Open and log in to the WAS Administration Console.
  2. Click Servers > Application servers.
  3. Click the server on which Reflection is installed.
  4. Click Session management.
  5. Select the “URL rewriting” check box to enable it.
  6. Click OK.
  7. Click Save to save the change to the master configuration.
  8. Stop and restart the WAS server.

Adding the Portlet to the WebSphere Portal (An Example)

The following steps describe one way to add the Reflection portlet to a WebSphere portal page.

  1. Open and log in to the portal with an account that has administrative rights.
  2. Click the Administration option in the upper-right corner of the screen.
  3. Under the left pane, click Portal User Interface > Manage Pages.
  4. Click My Portal under the Title column.
  5. Click the Edit Page Layout icon on the right of the Welcome page row.
2348_1.gif
  1. In one of the three columns, click Add portlets.
  2. Scan the list of portlets and select the “RWeb portlet” check box.
  3. Click OK. The portlet should be added to the configuration of the Welcome page.
  4. Click Done.

Test the Portlet

Follow these steps to ensure that the portlet works.

  1. Log in to the WebSphere Portal server.
  2. Select the web page to which the portlet was added.
  3. Verify that Reflection sessions are listed in the portlet.

Related:

7022220: Installing Reflection for the Web or Reflection Security Gateway with WebSphere Application Server

Before You Begin

Before installing Reflection for the Web or Reflection Security Gateway (hereinafter referred to as Reflection), you must have all of the following installed and configured on your host.

  • WebSphere Application Server 5.0.2 or higher.
  • Java Developer Kit 1.5 or higher.
  • Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. For details, see Applying the JCE Unlimited Strength Jurisdiction Policy Files.
  • The most recent WebSphere cumulative and group program temporary fixes (PTFs) must be applied.
  • Reflection requires 220 MB of free disk space in the hosts /tmp file during installation.
  • If you want to use security (HTTPS, SSL) with the WebSphere Application Server (WAS), refer to your IBM documentation to properly configure the WAS.

Installing Reflection for the Web

After the WebSphere Application Server has been properly installed and tested, follow the steps below to install Reflection.

Prepare the rweb.war File

Follow these steps to prepare the rweb.war file:

  1. Copy the rweb.war file located with the downloaded product files to a temporary folder on your PC. The file location depends on your Reflection product:

Reflection for the Web 2014 or 2011 or Reflection Security Gateway 2014: /install_manual/components/rweb.war

Reflection for the Web 2008: /nonautomated/rweb.war

  1. During download, the rweb.war file may be named rweb.war.zip. If so, rename rweb.war.zip to rweb.war.

Note: When renaming the file, you may receive an error stating that the file may become unstable. Click Yes to proceed.

Update the WebSphere Server Settings

Follow the steps below to update the WebSphere Server settings:

  1. Open the WebSphere Administration Console. By default, this is accessed from http://<myserver>:9060/admin or http://<myserver>: 9060/ibm/console.
  2. On the left-navigation bar, expand Applications, and then click Install New Application.
  3. In the main window, select the “Local file system” radio button and enter the path to the rweb.war file. For example:

C:Temprweb.war –or– /u/local/rweb.war

  1. Select the “Show me all installation options and parameters” radio button.
  2. In the Context root entry field, enter /rweb, and then click Next.
  3. Select the “Generate Default Bindings” check box, leave all other values at default, and then click Next.
  4. Click Next through the Install New Application dialog box, accepting defaults.
  5. Select the rweb.war check box, make sure the Virtual Host is set to default_host, and then click Next.
  6. Print the Summary page for your records, and then click Finish.

The new rweb.war application is installed and the Administration Console screen opens. If you expand the Applications menu and select Enterprise Applications, the application state for rweb should be Stopped.

Click Save to update the master configuration.

Update the web.xml File

There are two copies of the web.xml file, located in the following directories:

/WAS_install_root/installedApps/<cellname>/rweb.ear/rweb.war/WEB-INF/web.xml

– and –

/WAS_install_root/config/cells/<cellname>/applications/rweb.ear/deployments/rweb/rweb.war/WEB-INF/web.xml

Note: If this is a WebSphere Application Server Network Deployment, there is an additional web.xml that must be updated:

/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/<dellname>/applications/rweb_war.ear/deployments/rweb_war/rweb.war/web.xml

In both (or all three) files, locate the <param-name>ReflectionData</param-name> section and modify the file to include the data in red below, entering your path to ReflectionData (for example, C:ReflectionData or /u/local/ReflectionData), and substituting your own sslport value for 443. Note: If the ReflectionData directory does not already exist, you must manually create it.

<context-param>

<param-name>ReflectionData</param-name>

<param-value><PathTo>ReflectionData</param-value>

</context-param>

<context-param>

<param-name>sslport</param-name>

Reflection stores configuration information in the ReflectionData directory. If this is a UNIX installation, ensure that rights are set so that Reflection can write to the ReflectionData directory.

Note: In Reflection, the sslport parameter is located in the PropertyDS.xml file, which is located in the ReflectionData folder. If you want to use a port other than default port 443; you must edit PropertyDS.xml after Reflection for the Web is started in WebSphere.

Once you have updated and saved both (or all three) of the web.xml files, return to the Administrative Console window and follow the steps below.

  1. Expand the Applications menu item, and then click Enterprise Applications.
  2. In the Enterprise Applications dialog, select the rweb check box, and then click Start. The application status will change to a started, indicated by a green arrow in the Status field.
  3. Update the sslport parameter in the PropertyDS.xml, if you need to. Once updated, restart the Application Server using the WebSphere Administrative Console, performing steps 1 and 2 above.

Reflection is now installed. To access Reflection, open a browser and enter the URL, WAS port, and context root to your server.

Syntax: http://myserver:default_port/context_root

For example: http://rweb.atm.com:9080/rweb

Applying the JCE Unlimited Strength Jurisdiction Policy Files

Reflection Security Gateway 2014 R2 and Reflection for the Web 2014 R2 require the Java Cryptography Extension (JCE) Unlimited Strength Policy Files. “Unlimited strength” policy files contain no restrictions on cryptographic strengths, in contrast to the “strong” but limited cryptography policy files bundled in a JRE.

To apply the policy files:

  1. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from Oracle or IBM. Be sure to download the correct policy file updates for your version of Java:
  1. Uncompress and extract the downloaded file. The download includes a Readme.txt and two .jar files with the same names as the existing policy files.
  2. Locate the two existing policy files local_policy.jar and US_export_policy.jar in the following directory:

– UNIX:<java-home>/lib/security

– Windows:C:Program FilesJavajre<version>libsecurity

  1. Replace the existing policy files with the unlimited strength policy files you extracted.

Related: