The section describes how to run the Java SSM in WebSphere RAD and Eclipse development environments. This includes instructions for setting up sample applications that are provided when the Java SSM is installed.
This section demonstrates how to run the Java SSM in WebSphere RAD using the sample application provided in BEA_HOME
\ales30-ssm\java-ssm\examples\JavaAPIExample
.
These steps were performed using WebSphere RAD 6.0.0 with the pre-installed IBM JDK.
README
in BEA_HOME\ales30-ssm\java-ssm\examples\JavaAPIExample
to setup the sample policies for this example.BEA_HOME\ales30-ssm\java-ssm\examples\JavaAPIExample\src
directory into the new project.BEA_HOME\ales30-ssm\java-ssm\examples\JavaAPIExample\config\run.bat
file to the Java Build Path in the Project Properties. To do this:
BEA_HOME\ales30-ssm\java-ssm\lib
(except for pdsoap1.jar
)BEA_HOME\ales30-ssm\java-ssm\lib\providers\ales
main()
method, right-click the Java file and select Run. Then select Run with the green arrow icon.com.bea.security.examples.JavaAPIExample
.BEA_HOME\ales30-ssm\java-ssm\examples\JavaAPIExample
) into the VM arguments field.
-Dwles.scm.port=7013 -Dwles.arme.port=8100 -Dwles.config.signer=<HOSTNAME> -Dlog4j.configuration="file:./java-ssm/instance/jssm/config/log4j.properties" -Dlog4j.ignoreTCL=true -Dwles.ssl.passwordFile="C:/bea/ales30-shared/keys/password.xml" -Dwles.ssl.passwordKeyFile="C:/bea/ales30-shared/keys/password.key" -Dwles.ssl.identityKeyStore="C:/bea/ales30-shared/keys/identity.jceks" -Dwles.ssl.identityKeyAlias=wles-ssm -Dwles.ssl.identityKeyPasswordAlias=wles-ssm -Dwles.ssl.trustedCAKeyStore="C:/bea/ales30-shared/keys/trust.jks" -Dwles.ssl.trustedPeerKeyStore="C:/bea/ales30-shared/keys/peer.jks" -Djava.io.tmpdir="./java-ssm/instance/jssm/work/jar_temp" -Darme.configuration="./java-ssm/instance/jssm/config/WLESarme.properties" -Dales.blm.home="./java-ssm/instance/jssm" -Dkodo.Log=log4j -Dwles.scm.useSSL=true -Dwles.providers.dir=./java-ssm/lib/providers
For example, BEA_HOME\ales30-ssm\java-ssm\examples\JavaAPIExample\build\config
.
BEA_HOME
BEA_HOME\ales30-ssm\java-ssm\instance\jssm\config
NOTE: If an exception like the following appears...
com.bea.security.management.ConfigurationException: Error initializing the SCM SSL context. at com.bea.security.internal.css.SCMConfiguration.configureRealm(SCMConfiguration.java:512)
...then do the following to switch to a standard JDK installation:
To troubleshoot any problems, enable verbose debugging on the Java-SSM and examine the log for the authorization events. To do this:
logj.properties
in the SSM instance’s config
directory in an editor and uncomment the following lines:
log4j.logger.com.bea.security.providers.authorization = DEBUG
log4j.logger.com.wles.util.DebugStore=DEBUG
log
directory. system_console.log
in the instance’s log
directory for authorization events, such as:2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator - evaluateRuleArray(): Evaluate policy: 4405:grant(//priv/buy,//app/policy/jssm/store/book,//role/borrower)
2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator - boolEvaluate() entered for rule with condition: true
2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator - constraint evaluation result is: true
2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator - append return attributes.
2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator - boolEvaluate(): Evaluation result size is 0.
2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator - evaluateRuleArray(): Evaluate result: true
2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator - evaluateGrantPolicy result: true
2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.evaluator.BoolEvaluator - authEvalWorker: evalute with roles return GRANT
2008-04-14 15:03:28,343 [main] DEBUG com.wles.util.DebugStore - queryAccess: DebugStore:
========== Policy Evaluation Info ==========
RequestResource is: //app/policy/jssm/store/book
UserInfo:
Name: //user/asi/system/
Groups: //sgrp/asi/allusers/
Resource Present: true
Roles Granted: //role/borrower //role/EntitlementsAdmin
Role Mapping Policies:
1. Result: true; Policy Type: grant
Role: //role/borrower
Resource: //app/policy/jssm/store
Subject: //user/asi/system/
Constraints: canbuy="yes"
Evaluated Attributes and Functions:
sys_user(dynamic) = system
canbuy(dynamic) = yes
2. Result: true; Policy Type: grant
Role: //role/EntitlementsAdmin
Resource: //app/policy
Subject: //user/asi/system/
Constraints: NONE
ATZ Policies:
1. Result: true; Policy Type: grant
Privilege: //priv/buy
Resource: //app/policy/jssm/store/book
Subject: //role/borrower
Constraints: NONE
========== Policy Evaluation Info ==========
2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.ARME.engine.ARME - unlock policy lock for read
2008-04-14 15:03:28,343 [main] DEBUG com.bea.security.providers.authorization.asi.AuthorizationProviderImpl - result is GRANT
2008-04-14 15:03:28,359 [main] DEBUG com.bea.security.providers.authorization.asi.AccessResultLogger - Subject Subject:
Principal: system
privilege buy resource //app/policy/jssm/store/book result PERMIT
This section demonstrates how to run the Java SSM in Eclipse using the sample application provided in BEA_HOME\ales30-ssm\java-ssm\examples\JavaAPIExample
.
BEA_HOME\ales30-ssm\java-ssm\examples\JavaAPIExample
set-env.bat
of SSM instance. Place the following external jar files into "Java Build Path" of Eclipse project
saaj.jar
api.jar
css.jar
log4j.jar
scmapi.jar
framework.jar
jsafeJCEFIPS.jar
asi_classes.jar
connector.jar
EccpressoCore.jar
EccpressoJcae.jar
jmx.jar
jsafeFIPS.jar
asitools.jar
ssladapter.jar
sslplus.jar
wlcipher.jar
antlr.jar
javax.servlet.jar
org.apache.jasper.jar
org.mortbay.jetty.jar
pdsoap.jar
process.jar
sslclient.jar
sslserver.jar
webservice.jar
webserviceclient.jar
ld-server-core.jar
ld-client.jar
wlsdo.jar
wlxbean.jar
xbean.jar
xqrl.jar
jaxrpc.jar
wsdl4j-1.5.1.jar
axis.jar
commons-discovery-0.2.jar
commons-logging-1.0.4.jar
providers/ales/serp.jar
providers/ales/commons-collections-3.2.jar
providers/ales/commons-lang-2.1.jar
providers/ales/commons-pool-1.3.jar
providers/ales/CR338979_414_jdk1.4.jar
providers/ales/jdo.jar
providers/ales/jta-spec1_0_1.jar
providers/ales/kodo-runtime.jar
providers/ales/openjpa.jar
BEA_HOME
and BEA_HOME\ales30-ssm\java-ssm\<
instance>\config
directories into the Eclipse classpath.Note: | If Eclipse reports, "Cannot not nest the directory inside library <BEA-HOME> ", copy license.bea into the instances config directory. |
Note the following error conditions and resolution:
AXIS SOAP compatibility issue:
'java.lang.NoSuchFieldError: RPC'
The issue is caused by AXIS SOAP stack compatibility between different AXIS version. Delete pdsoap1.jar
from classpath.
License Check:
'Got exception in reading the license file'.
Make sure license.bea
file is in classpath.
XML Parsing:
'java.lang.NoSuchMethodException: org.apache.axis.encoding.ser.ArraySerializerFactory.
create(java.lang.Class, javax.xml.namespace.QName)'
Only the jar files set in set-env.bat
should be included in the project. Files like the following are not needed and should be removed:
— com.bea.core.common.security.opensaml2_4.0.0.0.jar
, — com.bea.core.xml.beaxmlbeans_2.2.0.0.jar
— javax.xml.stream_1.0.0.0.jar
— xml-apis.jar