Knowledgebase

     Previous  Next    Open TOC in new window    View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Running the Java SSM in Java Development Environments

The section describes how to run the Java SSM in WebSphere RAD and Eclipse development environments. This includes instructions for setting up sample applications that are provided when the Java SSM is installed.

 

WebSphere RAD Environments

This section demonstrates how to run the Java SSM in WebSphere RAD using the sample application provided in BEA_HOME\ales32-ssm\java-ssm\examples\JavaAPIExample. These steps were performed using WebSphere RAD 6.0.0 with the pre-installed IBM JDK.

  1. Follow the README in BEA_HOME\ales32-ssm\java-ssm\examples\JavaAPIExample to setup the sample policies for this example.
  2. Start WebSphere RAD in a new workspace and create a new Java project.
  3. Right-click the project and select Import to import the Java file from the BEA_HOME\ales32-ssm\java-ssm\examples\JavaAPIExample\src directory into the new project.
  4. Add all of the ALES libraries used by the BEA_HOME\ales32-ssm\java-ssm\examples\JavaAPIExample\config\run.bat file to the Java Build Path in the Project Properties. To do this:
    1. Right-click the project and select Properties.
    2. Click Java Build Path.
    3. On the Libraries tab, click Add External JARs and add the jar files located in the following directories:

      4. BEA_HOME\ales32-ssm\java-ssm\lib (except for pdsoap1.jar)
      BEA_HOME\ales32-ssm\java-ssm\lib\providers\ales

    4. Click OK and allow the project to build. All errors should be resolved.
  5. To setup the arguments for the main() method, right-click the Java file and select Run. Then select Run with the green arrow icon.
  6. In the Run dialog, select Java Application. Then click New. and supply a well-defined name for the configuration.
  7. Click Search to find the Java class with the main method. In this example it would be com.bea.security.examples.JavaAPIExample.
  8. On the Arguments tab, paste in the command line options used by run.bat (in the BEA_HOME\ales32-ssm\java-ssm\examples\JavaAPIExample) into the VM arguments field.

    9. Example of the settings used:

    -Dwles.scm.port=7013 -Dwles.arme.port=8100 -Dwles.config.signer=<HOSTNAME> -Dlog4j.configuration="file:C:/bea/ales32-ssm/java-ssm/instance/jssm/config/log4j.properties" -Dlog4j.ignoreTCL=true -Dwles.ssl.passwordFile="C:/bea/ales32-shared/keys/password.xml" -Dwles.ssl.passwordKeyFile="C:/bea/ales32-shared/keys/password.key" -Dwles.ssl.identityKeyStore="C:/bea/ales32-shared/keys/identity.jceks" -Dwles.ssl.identityKeyAlias=wles-ssm -Dwles.ssl.identityKeyPasswordAlias=wles-ssm -Dwles.ssl.trustedCAKeyStore="C:/bea/ales32-shared/keys/trust.jks" -Dwles.ssl.trustedPeerKeyStore="C:/bea/ales32-shared/keys/peer.jks" -Djava.io.tmpdir="C:/bea/ales32-ssm/java-ssm/instance/jssm/work/jar_temp" -Darme.configuration="C:/bea/ales32-ssm/java-ssm/instance/jssm/config/WLESarme.properties" -Dales.blm.home="C:/bea/ales32-ssm/java-ssm/instance/jssm" -Dkodo.Log=log4j -Dwles.scm.useSSL=true -Dwles.providers.dir=C:/bea/ales32-ssm/java-ssm/lib/providers

  9. While in the Arguments tab, clear the Use default working directory checkbox.
  10. Select the File System and browse to the build directory of the JavaAPIExample.

    11. For example, BEA_HOME\ales32-ssm\java-ssm\examples\JavaAPIExample\build\config.

  11. On the Classpath tab, select the User Entries node on the Classpaths tree. Then click the Advanced button and select Add External Folder and add the following external folders:

    12. BEA_HOME
    BEA_HOME\ales32-ssm\java-ssm\instance\jssm\config

  12. Click Apply and then Run.

    13. NOTE: If an exception like the following appears...

    com.bea.security.management.ConfigurationException: Error initializing the SCM SSL context. at com.bea.security.internal.css.SCMConfiguration.configureRealm(SCMConfiguration.java:512)

    ...then do the following to switch to a standard JDK installation:

    1. Select Window->Preferences->Java -> Installed JREs.
    2. Select add and add a JVM (Sun or BEA JRockit).
    3. Select OK and check the newly added JVM.
  13. Enter in the arguments to see the example correctly authorizing a subject on a resource.

Troubleshooting

To troubleshoot any problems, enable verbose debugging on the Java-SSM and examine the log for the authorization events. To do this:

  1. Open logj.properties in the SSM instance’s config directory in an editor and uncomment the following lines:

    2. log4j.logger.com.bea.security.providers.authorization = DEBUG
    log4j.logger.com.wles.util.DebugStore=DEBUG

  2. Clear out the log files in the SSM instance’s log directory.
  3. Re-run the Java SSM example and examine system_console.log in the instance’s log directory for authorization events, such as:
    4. 2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator - evaluateRuleArray(): Evaluate policy: 4405:grant(//priv/buy,//app/policy/jssm/store/book,//role/borrower)
    2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator - boolEvaluate() entered for rule with condition: true
    2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator - constraint evaluation result is: true
    2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator - append return attributes.
    2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator - boolEvaluate(): Evaluation result size is 0.
    2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator - evaluateRuleArray(): Evaluate result: true
    2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator - evaluateGrantPolicy result: true
    2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator - authEvalWorker: evalute with roles return GRANT
    2008-04-14 15:03:28,343 [main] DEBUG com.wles.util.DebugStore - queryAccess: DebugStore: 

    ========== Policy Evaluation Info ==========
    RequestResource is: //app/policy/jssm/store/book
    UserInfo:
        Name: //user/asi/system/
        Groups: //sgrp/asi/allusers/ 
    Resource Present: true
    Roles Granted: //role/borrower //role/EntitlementsAdmin 
    Role Mapping Policies:
        1. Result: true; Policy Type: grant
            Role: //role/borrower
            Resource: //app/policy/jssm/store
            Subject: //user/asi/system/
            Constraints: canbuy="yes"
            Evaluated Attributes and Functions:
                sys_user(dynamic) = system
                canbuy(dynamic) = yes

        2. Result: true; Policy Type: grant
            Role: //role/EntitlementsAdmin
            Resource: //app/policy
            Subject: //user/asi/system/
            Constraints: NONE

    ATZ Policies:
        1. Result: true; Policy Type: grant
            Privilege: //priv/buy
            Resource: //app/policy/jssm/store/book
            Subject: //role/borrower
            Constraints: NONE

    ========== Policy Evaluation Info ==========
    2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.engine.ARME - unlock policy lock for read
    2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.AuthorizationProviderImpl - result is GRANT
    2008-04-14 15:03:28,359 [main] DEBUG com.bea.security.providers.authorization.asi.AccessResultLogger - Subject Subject:
    	Principal: system
     privilege buy resource //app/policy/jssm/store/book result PERMIT

 

Eclipse

In Eclipse, create a Java Project from using the sample found in the following directory:

BEA_HOME/ales32-ssm/JavaSSM/Examples/JavaAPIExample

  1. Create a Java Project and create project from existing source:
  2. Set the CLASSPATH in Java Project based on set-env.bat of SSM instance. Copy the following external jar files into Java Build Path of Eclipse project:

    3. %INSTALL_HOME%\lib\api.jar
    %INSTALL_HOME%\lib\css.jar
    %INSTALL_HOME%\lib\asn1.jar
    %INSTALL_HOME%\lib\saaj.jar
    %INSTALL_HOME%\lib\framework.jar
    %INSTALL_HOME%\lib\scmapi.jar
    %INSTALL_HOME%\lib\log4j.jar
    %INSTALL_HOME%\lib\jmx.jar
    %INSTALL_HOME%\lib\connector.jar
    %INSTALL_HOME%\lib\asi_classes.jar
    %INSTALL_HOME%\lib\EccpressoCore.jar
    %INSTALL_HOME%\lib\EccpressoJcae.jar
    %INSTALL_HOME%\lib\jsafe.jar
    %INSTALL_HOME%\lib\jsafeJCE.jar
    %INSTALL_HOME%\lib\jsafeFIPS.jar
    %INSTALL_HOME%\lib\jsafeJCEFIPS.jar
    %INSTALL_HOME%\lib\sslplus.jar
    %INSTALL_HOME%\lib\ssladapter.jar
    %INSTALL_HOME%\lib\wlcipher.jar
    %INSTALL_HOME%\lib\asitools.jar
    %INSTALL_HOME%\lib\process.jar
    %INSTALL_HOME%\lib\webservice.jar
    %INSTALL_HOME%\lib\webserviceclient.jar
    %INSTALL_HOME%\lib\org.mortbay.jetty.jar
    %INSTALL_HOME%\lib\javax.servlet.jar
    %INSTALL_HOME%\lib\org.apache.jasper.jar
    %INSTALL_HOME%\lib\sslserver.jar
    %INSTALL_HOME%\lib\sslclient.jar
    %INSTALL_HOME%\lib\pdsoap.jar
    %INSTALL_HOME%\lib\antlr.jar
    %INSTALL_HOME%\lib\ld-server-core.jar
    %INSTALL_HOME%\lib\wlsdo.jar
    %INSTALL_HOME%\lib\wlxbean.jar
    %INSTALL_HOME%\lib\xbean.jar
    %INSTALL_HOME%\lib\xqrl.jar
    %INSTALL_HOME%\lib\ld-client.jar
    %INSTALL_HOME%\lib\rmi-ssm.jar
    %INSTALL_HOME%\lib\rmi-types.jar
    %INSTALL_HOME%\lib\axis.jar
    %INSTALL_HOME%\lib\commons-logging-1.0.4.jar
    %INSTALL_HOME%\lib\commons-discovery-0.2.jar
    %INSTALL_HOME%\lib\wsdl4j-1.5.1.jar
    %INSTALL_HOME%\lib\jaxrpc.jar
    %INSTALL_HOME%\lib\providers\ales\CR338979_414_jdk1.4.jar
    %INSTALL_HOME%\lib\providers\ales\kodo-runtime.jar
    %INSTALL_HOME%\lib\providers\ales\jdo.jar
    %INSTALL_HOME%\lib\providers\ales\openjpa.jar
    %INSTALL_HOME%\lib\providers\ales\commons-lang-2.1.jar
    %INSTALL_HOME%\lib\providers\ales\jta-spec1_0_1.jar
    %INSTALL_HOME%\lib\providers\ales\openjpa.jar
    %INSTALL_HOME%\lib\providers\ales\commons-collections-3.2.jar
    %INSTALL_HOME%\lib\providers\ales\commons-pool-1.3.jar
    %INSTALL_HOME%\lib\providers\ales\serp.jar

  3. Add the BEA_HOME and BEA_HOME\ales32-ssm\java-ssm\<instance>\config directories into the Eclipse classpath.
    4. Note: If Eclipse reports, "Cannot not nest the directory inside library <BEA-HOME> ", copy license.bea into the instances config directory.
  4. Set the following run configurations in the project:
    • Working directory — BEA_HOME\ales30-ssm\java-ssm\example\JavaAPIExample\build\config
    • VM arguments based on %JAVA-OPTIONS% of set-env.bat.

Troubleshooting

Note the following error conditions and resolution:

AXIS SOAP compatibility issue:
'java.lang.NoSuchFieldError: RPC'
The issue is caused by AIXS SOAP stack compatibility between different AIXS version. Remove pdsoap1.jar from class path.

License Check:
'Got exception in reading the license file'.
Make sure license.bea file is in class path.

XML Parsing:
'java.lang.NoSuchMethodException: org.apache.axis.encoding.ser.ArraySerializerFactory.
create(java.lang.Class, javax.xml.namespace.QName)'
Only the jar files set in set-env.bat should be included in the project. Remove all other jar files. Files like the following are not needed and should be removed:

— com.bea.core.common.security.opensaml2_4.0.0.0.jar,
— com.bea.core.xml.beaxmlbeans_2.2.0.0.jar
— javax.xml.stream_1.0.0.0.jar
— xml-apis.jar


  Back to Top       Previous  Next