Chapter 10 Updating and Redeploying Access Manager WAR Files

Access Manager contains a number of web archive (WAR) files. These packages contain Java servlets and JavaServer Pages^TM (JSP) pages you can modify to customize Access Manager to meet your needs. The chapter contains the following sections:

• WAR Files in J2EE Software Development

• About Access Manager WAR Files

• Updating Modified WARs

• Redeploying Modified Access Manager WAR Files

WAR Files in J2EE Software Development

Access Manager is built upon the Java 2 Platform, Enterprise Edition (J2EE) platform which uses a component model to create full-scale applications. A component is self-contained functional software code assembled with other components into a J2EE application. The J2EE application components can be deployed separately on different servers. J2EE application components include the following:

• Client components such as including dynamic web pages, applets, and a Web browser that run on the client machine.

• Web components such as servlets and Java Server Pages (JSPs) that run within a web container.

• Business components, which can be code that meets the needs of a particular enterprise domain such as banking, retail, or finance. Such business components also run within the web container.

• Enterprise infrastructure software that runs on legacy machines.

Web Components

When a web browser executes a J2EE application, it deploys server-side objects known as web components. Java Server Pages (JSPs) and corresponding servlets are two such web components.

Servlets

Small Java programs that dynamically process requests and construct responses from a web browser. Servlets run within web containers.

Java Server Pages (JSPs)

Text-based documents that contain static template data such as HTML, Scalable Vector Graphics (SVG), Wireless Markup Language (WML), or eXtensible Markup Language (XML). JSPs also contain elements such as servlets that construct dynamic content.

How Web Components are Packaged

J2EE components are usually packaged separately, and then bundled together into an Enterprise Archive (EAR) file for application deployment. Web components are packaged in web application archives, also known as WAR files. Each WAR file contains servlets, JSPs, a deployment descriptor, and related resource files.

Static HTML files and JSP are stored at the top level of the WAR directory. The top-level directory contains the WEB-INF subdirectory which contains tag library descriptor files in addition to the following:

Server-side classes

Servlets, JavaBean components and related Java class files. These must be stored in the WEB-INF/classes directory.

Auxiliary JARs

Tag libraries and any utility libraries called by server-side classes. These must be stored in the WEB-INF/lib directory.

web.xml

The web component deployment descriptor is stored in the WEB-INF directory

About Access Manager WAR Files

When you customize Access Manager, sometimes you must also modify the Access Manager WAR files. The modifications in turn result in changes to the web components.

Access Manager provides two types of WAR files. One type of Access Manager WAR file is automatically built and deployed for you at installation. The password.war and services.war files are of this type. Both password.war and services.warare related to features and services that power the Access Manager server. At installation, based on the source files in the staging directory AccessManager-base/web-src/, both password.war and services.war are automatically generated and deployed into the AccessManager-base/SUNWam/war directory. When you want to customize Access Manager features or services, you must make changes in the source files contained in the staging directory, and then regenerate and redeploy the appropriate WAR files.

When you apply a patch or an upgrade to Access Manager, any customizations you have implemented may be overwritten.

The second type of Access Manager WAR is a specialized WAR file that you must manually deploy. The amaduthdistui.war for the Distributed Authentication UI, and the amclient.war for the Client SDK are such WARs. You can install amaduthdistui.war or amclient.warthrough the JES installer, or you can manually deploy one or both of them.

The following Access Manager WAR files are located in this directory:

AccessManager-base/SUNWam/

amcommon.war

Automatically deployed at installation, and builds the Liberty IDFF profile named Identity Provider Introduction which is used in implementing a circle of trust. You do not need to redeploy this WAR.

amconsole.war

If you choose the Legacy mode option during installation, this WAR is automatically deployed at installation, and builds the legacy mode administration console. Redeploy this WAR after you make changes to AccessManager-base/web-src/services/console/* source files.

ampassword.war

Automatically deployed at installation, and builds the password reset feature. Redeploy this WAR after you make changes to AccessManager-base/web-src/password/* source files.

amserver.war

Automatically deployed at installation, and builds Access Manager service components. Redeploy this WAR after you make changes to AccessManager-base/web-src/services/* source files.

The following Access Manager WARs are located in this directory:

AccessManager-base/SUNWam/war.

am_server.war

Use this WAR to manually install Access Manager as a stand-alone product, and without using the JES installer. For more information, see Chapter 12, Deploying Access Manager as a Single WAR File, in Sun Java System Access Manager 7.1 Postinstallation Guide.

amclient.war

Use this WAR to manually install the Client SDK on a container remote from the Access Manager server. For more information, see Installing the Client SDK.

amauthdistui.war

Use this WAR to manually install the Distributed Authentication UI server on a container remote from the Access Manager server. You can install this WAR using the JES installer. For more information, see Chapter 11, Deploying a Distributed Authentication UI Server, in Sun Java System Access Manager 7.1 Postinstallation Guide. You can also manually deploy this WAR. For more information, see Customizing the Distributed Authentication User Interface.

amconsole.war

Access Manager uses this WAR to build the realm mode administration console. The amconsole.war file is automatically generated and deployed, based on the source code in AccessManager-base/web-src/services/console, when Access Manager is installed. You cannot customize this WAR.

console.war

Access Manager uses this WAR to build the legacy mode administration console. The console.war file is automatically generated and deployed, based on the source code in AccessManager-base/web-src/services/console, when Access Manager is installed. You can customize this WAR. For more information, see Chapter 11, Customizing the Administration Console.

introduction.war

This WAR is related to the Liberty IDFF profile named Identity Provider Introduction which is used in implementing a circle of trust. The introduction.war file is automatically generated and deployed, based on the source code in AccessManager-base/web-src/services/common, when Access Manager is installed. You cannot customize this WAR.

password.war

Access Manager uses this WAR for the password reset service. The password.war file is automatically generated and deployed, based on the source code in AccessManager-base/web-src/services/password, when Access Manager is installed. You can customize this WAR. For more information, see the section password.war.

services.war

Access Manager uses this WAR to build the UI for various Access Manager Services. The services.war file is automatically generated and deployed, based on the source code in AccessManager-base/web-src/services/services, when Access Manager is installed. You can customize this WAR. For more information, see the section services.war.

password.war

The password.war contains files used by the Access Manager password reset service.

Files You Can Modify

You can modify the following password.war files:

• web.xml and related XML files used for constructing it are located in AccessManager-base/SUNWam/web-src/password/WEB-INF/.

• JSPs located in /SUNWam/web-src/password/password/ui/ .

• Image files located in SUNWam/web-src/password/password/images/ .

• Stylesheets located in AccessManager-base/SUNWam/web-src/password/password/css/.

Files You Must Not Modify

Do not modify the following password.war files. Modifying the following files may cause unintended Access Manager behaviors.

• JARs located in AccessManager-base/SUNWam/web-src/password/WEB-INF/lib/.

• Tag library descriptor (.tld) files located in AccessManager-base/web-src/password/WEB-INF/.

services.war

The services.war contains files used by various Access Manager services.

Files You Can Modify

You can modify the following services.war files:

• web.xml and related XML files used for constructing it are located in AccessManager-base/SUNWam/web-src/services/WEB-INF/.

• JavaScript files are located in AccessManager-base/SUNWam/web-src/services/js/.

• JSP are located in the following directories:

  • AccessManager-base/SUNWam/web-src/services/config/auth/default/

  • AccessManager-base/SUNWam/web-src/services/config/federation/default/

  Image files are located in the following directories:

  • AccessManager-base/SUNWam/web-src/services/images/

  • AccessManager-base/SUNWam/web-src/services/fed_images/

  • AccessManager-base/SUNWam/web-src/services/login_images/

  Stylesheets are located in the following directories:

  • AccessManager-base/SUNWam/web-src/services/css/.

  • AccessManager-base/SUNWam/web-src/services/fed_css/.

Files You Must Not Modify

Do not modify the following services.war files. Modifying the following files may cause Access Manager to fail:

• Non-modifiable JARs are located in AccessManager-base/SUNWam/web-src/services/WEB-INF/lib/.

• Non-modifiable Tag Library Descriptor (.tld) files are located in AccessManager-base/SUNWam/web-src/services/WEB-INF/.

Updating Modified WARs

Once a file within a WAR is modified, the WAR itself needs to be updated with the newly modified file. Following is the procedure to update a WAR.

To Update a Modified WAR

1. Go to the directory where the WAR files are kept.

   # cd AccessManager-base/ SUNWam/war

2. Run the jar command.

   jar -uvf WARfilename.war path_to_modified_file

   The -uvf option replaces the old file with the newly modified file. For example:

   # jar -uvf console.war newfile/index.html

   This command replaces the index.html file in console.war with the index.html file located in AccessManager-base/SUNWam/newfile.

3. Delete the modified file.

   # rm newfile/index.html

   Delete the modified file.

Redeploying Modified Access Manager WAR Files

Once updated, the WARs must be redeployed to their web container. The web container provides services such as request dispatching, security, concurrency, and life cycle management. The web container also gives the web components access to the J2EE APIs.

The BEA WebLogic Server 6.1 and Sun Java System Application Server web containers do not require WARs to be exploded. The servers themselves are deployed as WARs. After WAR files are installed on these servers, you must restart all related servers.

To Redeploy a WAR On BEA WebLogic Server 6.1

Run the Java command on the BEA WebLogic 6.1 Server using the following form:

java weblogic.deploy -url protocol://server_host:server_port
-component amconsole:WL61 _server_name 
deploy WL61_admin_password deployment_URI AccessManager-base/SUNWam/WARname.war

where the following variables are used:

protocol://server_host:server_port

The protocol [http | https] and fully-qualified name of the Access Manager server.

WL61 _server_name

The name of the WebLogic server.

WL61_admin_password

The WebLogic administrator password.

deployment_URI

For console.war, the deployment URI is amconsole.

For services.war, the deployment URI is amserver.

For password.war, the deployment UIR is ampassword.

AccessManager-base

The directory where the Access Manager server is installed.

WARname.war

The name of the WAR file to deploy.

[console.war | server.war | password.war]

For more complete information on the Java utility weblogic.deploy and its options, see the http://edocs.bea.com/wls/docs61/index.html.

To Redeploy a WAR File on Sun Java System Application Server 7.0

On the Application Server, run the asadmin command using the following form:

asadmin deploy -u S1AS_administrator 
-w  S1AS_administrator_password -H console_server_host
-p S1AS_server_port --type web secure_flag 
--contextroot deploy_uri --name deploy_uri 
--instance S1AS_instanceAccessManager-base/SUNWam/WARname

where the following variables are used:

S1AS_administrator

Application Server administrator

S1AS_administrator_password

Application Server administrator password

console_server_host

Access Manager server host name

S1AS_server_port

Application Server port number

deploy_uri

For console.war, the deployment URI is amconsole.

For password.war, the deployment URI is ampassword.

For services.war, the deployment URI is amservices.

S1AS_instance/AccessManager-base

Application Server directory where Access Manager server is installed

WARname.war

The name of the WAR file to deploy.

[console.war | services.war | password.war]

For more information on the asadmin deploy command and its options, see the Sun Java System Application Server 7.0 Developer’s Guide.

Redeploying an Access Manager WAR on IBM WebSphere Application Server

For detailed instructions on how to deploy WARs in an IBM WebSphere Application Server container, see the documentation that comes with the product:http://www-306.ibm.com/software/webservers/appserv/was/