Deploying Your Federation Manager WAR (Sun Java System Federation Manager 7.0 User's Guide)

Sun Java System Federation Manager 7.0 User's Guide

Deploying Your Federation Manager WAR

There are four web containers in which Federation Manager can be deployed. They are:

Sun Java System Web Server 6.1sp4
Sun Java System Application Server 8.1
BEA WebLogic Server 8.1 (minimum version supported)
WebSphere Application Server 5.1 (minimum version supported)

Instructions for deploying the Federation Manager WAR in each of these web containers can be found in the following sections.

Deploying Federation Manager in `Sun Java System Web Server`

Sun Java System Web Server has the wdeploy command line utility to deploy a WAR file. The syntax is:

wdeploy deploy -u /deployment-URI -i instance-name -v vs-id -d deployment-directory WAR-file-location

where:

`deployment-URI`	Defines the URI for the application. This value must be the same as that defined for the `SERVER_DEPLOY_URI` property in The Silent Installation File. Note – Note the inclusion of the leading slash.
`instance-name`	Defines the instance of Web Server to which you are deploying the web application.
`vs-id`	Defines the virtual server ID of the instance of Web Server to which you are deploying the web application.
`deployment-directory`	Defines the directory to which the WAR will be deployed.
`WAR-file-location`	Defines the full path to the WAR file being deployed.

When you execute wdeploy, a web application with the defined URI and directory is added to the server.xml file. The WAR file is also extracted from its location and deployed in the deployment directory.

Note –

More information on the wdeploy utility can be found in the Sun ONE Web Server 6.1 Programmer’s Guide to Web Applications.

This section contains the following procedures:

To Deploy an Instance of Federation Manager in Web Server

Type the following command replacing the variables with information regarding your deployment and hit Enter.

# WebServer-base/SUNWwbsvr/bin/https/httpadmin/bin/wdeploy deploy 
-u /deployment-URI -i instance-name -v vs-id 
-d WebServer-base/instance-name/deployment-URI war-file-location

For example:

# /WebServer-base/SUNWwbsvr/bin/https/httpadmin/bin/wdeploy deploy -
u /federation -i niceday.red.sun.com -v https-niceday.red.sun.com 
-d /opt/SUNWwbsvr/https-niceday.red.sun.com/federation 
/var/opt/SUNWam/fm/fedx/fedx.war

Restart the Web Server.

To View the Federation Manager Java API Specifications

To view the Federation Manager Java API Specifications when it is deployed in Web Server, you must first create a symbolic link by typing:

# ln -s /FederationManager-base/SUNWam/fm/docs /Web Server-doc-root/javadocs

where:

`FederationManager-base`	Defines the Federation Manager installation directory.
`Web Server-doc-root`	Defines the Web Server directory in which you store publicly available documentation files.

Once the symbolic link is defined, you can access the Java API Reference via a web browser by typing a URL in the format protocol://host:port/javadocs. For example, http://host1.sun.com:81/javadocs.

To Delete an Instance of Federation Manager from Web Server

Type the following command replacing the variables with information regarding your deployment:

# /WebServer-base/bin/https/httpadmin/bin/wdeploy delete -u /deployment-URI 
-i instance-name -v vs-id -n hard

where:

`WebServer-base`	Defines the Web Server installation directory.
`deployment-URI`	Defines the Federation Manager URI (with leading slash).
`instance-name`	Defines the instance of Web Server to which the web application is deployed.
`vs-id`	Defines the virtual server ID of the instance of Web Server to which you are deploying the web application.

For example:

# /WebServer-base/SUNWwbsvr/bin/https/httpadmin/bin/wdeploy delete -u /federation 
-i https-niceday.red.sun.com -v https-niceday.red.sun.com -n hard

Hit Enter.

Deploying Federation Manager in `Sun Java System Application Server`

With Sun Java System Application Server, you can use the deploy subcommand of the asadmin utility to deploy a WAR file. The syntax is:

# asadmin deploy --user admin-user --passwordfile filename --port port 
--contextroot deployment-URI --name deployment-URI 
--target instance-name WAR-file-location

where:

`admin-user`	Defines the ID of the Application Server administrator.
`filename`	Defines the full path to the file that stores the password of the Application Server administrator. You must manually edit this file so it can be understood by the `asadmin` utility. The password must be in the form: `AS_ADMIN_PASSWORD=password` where `password` is the password in text used during the installation of Application Server.
`port`	Defines the port for the Application Server Domain Administration Server. The default is 4849.
`deployment-URI`	Defines the URI for the application. This value must be the same as that defined for the `SERVER_DEPLOY_URI` property in The Silent Installation File.
`instance-name`	Defines the instance of Application Server to which the WAR will be deployed.
`WAR-file-location`	Defines the full path to the WAR file being deployed.

Note –

The asadmin options listed above are those relevant to deploying Federation Manager. For more information (including the full set of options), see the Sun Java System Application Server Enterprise Edition 8.1 2005Q2 Reference Manual.

This section contains the following procedures:

To Deploy an Instance of Federation Manager in Application Server

Type the following command replacing the variables with information regarding your deployment and hit Enter.

# ApplicationServer-base/bin/asadmin deploy --user AS-administrator 
--passwordfile filename --port port-number 
--contextroot  deployment-URI --name deployment-URI 
--target instance-name war-file-location

For example:

# /opt/SUNWappserver/appserver/bin/asadmin deploy --user admin 
--passwordfile /tmp/pwdfile --port 4849 --contextroot fm --name fm 
--target server1 /var/opt/SUNWam/fm/war_staging/fm.war

Following the deployment, modify the Application Server server.policy file.

By default, server.policy is located in the /var/opt/SUNWappserver/domains/domain-name/ directory. In the server.policy sample below, all of the capitalized contents (except WEB-INF) must be replaced with information applicable to your deployment.

// Federation Manager RELATED ADDITIONS
   grant {
     permission java.util.PropertyPermission "user.language", "write";
   };
   grant codeBase "file:${BASEDIR}/${PROD_DIR}/fm/web-src/WEB-INF/lib/am_sdk.jar" {
     permission java.net.SocketPermission "*", "connect,accept,resolve";
   };
   grant codeBase "file:${BASEDIR}/${PROD_DIR}/fm/web-src/WEB-INF/lib/am_services.jar" {
        permission java.net.SocketPermission "*", "connect,accept,resolve";
   };
   grant codeBase "file:$AS81_VARDIR/domains/$AS81_DOMAIN/applications/
   j2ee-modules/${DEPLOY_WARPREFIX}/-" {
        permission java.net.SocketPermission "*", "connect,accept,resolve";
   };
   grant {
    permission java.lang.RuntimePermission "modifyThreadGroup";
    permission java.lang.RuntimePermission "setFactory";
    permission java.lang.RuntimePermission "accessClassInPackage.*";
    permission java.util.logging.LoggingPermission "control";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission javax.security.auth.AuthPermission "insertProvider.Mozilla-JSS";
    permission java.security.SecurityPermission "putProviderProperty.Mozilla-JSS";
    permission javax.security.auth.AuthPermission "getLoginConfiguration";
    permission javax.security.auth.AuthPermission "setLoginConfiguration";
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission javax.security.auth.AuthPermission "createLoginContext.*";
    permission java.security.SecurityPermission "insertProvider.Mozilla-JSS";
    permission javax.security.auth.AuthPermission "putProviderProperty.Mozilla-JSS";
    permission java.io.FilePermission "ALL FILES", "execute,delete";
    permission java.io.FilePermission "$VAR_SUBDIR/logs/*", "delete,write";
    permission java.util.PropertyPermission "java.util.logging.config.class", "write";
    permission java.security.SecurityPermission "removeProvider.SUN";
    permission java.security.SecurityPermission "insertProvider.SUN";
    permission java.security.SecurityPermission "removeProvider.Mozilla-JSS";
    permission javax.security.auth.AuthPermission "doAs";
    permission java.util.PropertyPermission "java.security.krb5.realm", "write";
    permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
    permission java.util.PropertyPermission "java.security.auth.login.config", "write";
    permission javax.security.auth.kerberos.ServicePermission "*", "accept";
    permission javax.net.ssl.SSLPermission "setHostnameVerifier";
   };

Post installation modifications to server.policy are made as follows:

Replaceable Content	Default Value
`$BASEDIR`	`/opt`
`$PROD_DIR`	`SUNWam`
`$AS81_VARDIR`	`/var/opt/SUNWappserver`
`$AS81_DOMAIN`	`domain1`
`$VAR_SUBDIR`	`/var/opt/SUNWam`
`$DEPLOY_WARPREFIX`	`federation`

Restart the Application Server.

To View the Federation Manager Java API Specifications

To view the Federation Manager Java API Specifications when it is deployed in Application Server, you must first create a symbolic link by typing:

# ln -s /FederationManager-base/SUNWam/fm/docs /Application Server-doc-root/javadocs

where:

`FederationManager-base`	Defines the Federation Manager installation directory.
`Application Server-doc-root`	Defines the Application Server directory in which you store publicly available documentation files.

Once the symbolic link is defined, you can access the Java API Reference via a web browser by typing a URL in the format protocol://host:port/javadocs. For example, http://host1.sun.com:81/javadocs.

To Delete an Instance of Federation Manager from Application Server

Type the following command replacing the variables with information regarding your deployment:

# ApplicationServer-base/bin/asadmin undeploy --user AS-administrator 
--passwordfile filename --host host --port port
 --target instance-name deployment-URI

where:

`ApplicationServer-base`	Defines the Application Server installation directory.
`AS-administrator`	Defines the administrator of the Application Server
`filename`	Defines the file that holds the Application Server administrator password.
`host`	Defines the server that is hosting Federation Manager.
`port`	Defines the port number used.
`instance-name`	Defines the instance of Application Server to which the application is deployed.
`deployment-URI`	Defines the Federation Manager URI (with leading slash).

For example:

# /opt/SUNWappserver/appserver/bin/asadmin undeploy --user admin 
--passwordfile /tmp/pwdfile --host samplehost.sun.com 
--port 4849 --target server1 /fm

Hit Enter.

Deploying Federation Manager in `BEA WebLogic Server`

With BEA WebLogic Server 8.1 (minimum version supported), you can use the weblogic.Deployer utility on the command line to deploy a WAR file. More information on this utility can be found in the BEA WebLogic Server documentation.

This section contains the following procedures:

To Deploy an Instance of Federation Manager in `BEA WebLogic Server`

Type the following command replacing the variables with information regarding your deployment and hit Enter.

# WebLogic-base/bin/java -classpath WebLogic-classpath weblogic.Deployer 
-adminurl http://server-host:server-port -name deployment-URI 
-username WebLogic-admin -password WebLogic-admin-password -target instance-name 
-deploy WAR-file-location

where:

`WebLogic-base`	Defines the WebLogic Server installation directory.
`WebLogic-classpath`	Includes the JDK path and weblogic.jar.
`server-host`	Defines the WebLogic Server host to which Federation Manager will be deployed.
`server-port`	Defines the port of the WebLogic Server host to which Federation Manager will be deployed.
`deployment-URI`	Defines the URI for the application. This value must be the same as that defined for the `SERVER_DEPLOY_URI` property in The Silent Installation File.
`WebLogic-admin`	Defines the ID of the WebLogic Server super user (weblogic, by default).
`WebLogic-admin-password`	Defines the password of the WebLogic Server super user.
`instance-name`	Defines the instance of WebLogic Server to which the WAR will be deployed.
`WAR-file-location`	Defines the full path to the WAR file being deployed.

For example:

/export/bea8/jdk142_06/bin/java -classpath /export/bea8/weblogic8/lib/weblogic.jar:. 
weblogic.Deployer -adminurl http://samplehost.sun.com:7001 -name /fm 
-username weblogic -password 11111111 -target myserver 
-deploy /var/opt/SUNWam/fm/war_staging/fm.war

Restart the WebLogic Server.

To Delete an Instance of Federation Manager from `BEA WebLogic Server`

Type the following command replacing the variables with information regarding your deployment:

# WebLogic-base/bin/java -classpath WebLogic-classpath weblogic.Deployer -undeploy 
-adminurl http://server-host:server-port -name deployment-URI 
-username WebLogic-admin -password WebLogic-admin-password 
-target WebLogic-Server

where:

`WebLogic-base`	Defines the WebLogic Server installation directory.
`WebLogic-classpath`	Includes the JDK path and weblogic.jar.
`server-host`	Defines the WebLogic Server host to which Federation Manager is deployed.
`server-port`	Defines the port of the WebLogic Server host to which Federation Manager is deployed.
`deployment-URI`	Defines the Federation Manager URI.
`WebLogic-admin`	Defines the ID of the WebLogic Server super user (weblogic, by default).
`WebLogic-admin-password`	Defines the password of the WebLogic Server super user.
`WebLogic-Server`	Defines the instance of WebLogic Server in which Federation Manager is deployed.

For example:

/export/bea8/jdk142_06/bin/java -classpath /export/bea8/weblogic8/lib/weblogic.jar:. 
weblogic.Deployer -undeploy -adminurl http://samplehost.sun.com:7001 
-name /fm -username weblogic -password 11111111 -target myserver

Hit Enter.

Deploying Federation Manager in `WebSphere Application Server`

Before deploying an application or deleting an instance in WebSphere Application Server 5.1 (minimum version supported), you must modify the Jacl (Java Action Command Language) descriptor file. Following this you may run the wsadmin.sh file from the command line. More information on both of these steps can be found in the WebSphere Application Server documentation.

This section contains the following procedures:

To Deploy an Instance of Federation Manager in `WebSphere Application Server`

Create a Jacl descriptor (for example, fmsetup.jacl) with the following content:

# $AdminApp install WAR-file-location {-contextroot 
deployment-URI -usedefaultbindings -nopreCompileJSPs -distributeApp 
-nouseMetaDataFromBinary -node WebSphereAS-node 
-cell WebSphereAS-cell -server WebSphereAS-instance 
-nodeployejb -appname deployment-URI -createMBeansForResources 
-noreloadEnabled -reloadInterval 0 -nodeployws}

where:

`WAR-file-location`	Defines the full path to the WAR file being deployed.
`deployment-URI`	Defines the Federation Manager URI. This is generally the name of the WAR file without the `.WAR` suffix.
`WebSphereAS-node`	Defines the node under which the Application Server instance is configured.
`WebSphereAS-cell`	Defines the cell under which the Application Server node is configured.
`WebSphereAS-instance`	Defines the instance of the Application Server to which Federation Manager will be deployed.

Save the configuration with the following command:
# $AdminConfig save

After editing the Jacl descriptor, run the following command to deploy the WAR:
# WebSphereAS-base/bin/wsadmin.sh -f Jacl-descriptor-file
where:

Jacl-descriptor-file

Defines the full path to the Jacl descriptor previously created.

To Delete an Instance of Federation Manager from `WebSphere Application Server`

Edit the Jacl descriptor by adding the following:

\$AdminApp uninstall deploy-tag {-node WebSphereAS-node -cell WebSphereAS-cell -server WebSphereAS-instance}

where:

`deploy-tag`	Defines the Federation Manager URI. This is generally the name of the WAR file without the `.WAR` suffix.
`WebSphereAS-node`	Defines the node under which the Application Server instance is configured.
`WebSphereAS-cell`	Defines the cell under which the Application Server node is configured.
`WebSphereAS-instance`	Defines the instance of the Application Server to which Federation Manager will be deployed.

After editing the Jacl descriptor, run the following command to delete the instance:
# WebSphereAS-base/bin/wsadmin.sh -f Jacl-descriptor-file