From DeveloperWorks, System administration for WebSphere Application Server V7: Part 1 — An overview of administrative enhancements

This series of articles describes several important new administration features available in IBM WebSphere Application Server V7. Part 1 introduces these features and subsequent articles will explore specific features in detail. (IBM WebSphere Developer Technical Journal)

A discussion of the new features from an administration perspective. You'll need to know this as all the dependent websphere products re-based themselves on this new level of WAS over time.

Related Posts

• What’s new in WebSphere Application Server V7
• The WebSphere Contrarian: Are you sure you want to reorg that messaging engine database?
• Using Spring and Hibernate with WebSphere Application Server
• WebSphere Application Server: Component vs Container Managed Authentication Alias
• Follow up to Profile Creation Fails on WebSphere 6.1.0.19: Java Juristiction Policy Files

IBM is hosting a WebSphere SOA Connectivity Briefing in Toronto: Strategies for recovering your IT budget with IBM WebSphere MQ & SOA Connectivity

Details:

Sheraton Center Toronto Hotel
November 25, 2008
8:00am - 12:00pm

123 Queen Street West
Toronto Ontario M5H2M9
Phone: 416-947-4848

I’ll be there representing Perficient. My current plans are to get a DataPower box and hook up a little demo with DataPower pulling large industry-standard schema messages off MQ and transforming them and comparing that to the time it takes WebSphere Application server to do the same amount of work.

So if you happen to be in Toronto and would like to see a Datapower box in action, let me know and I can add you to the invite list.

Related Posts

• IBM WebSphere DataPower SOA Appliances Part I: Overview and Getting Started
• Make SOA real with IBM WebSphere Enterprise Service Bus and IBM WebSphere DataPower SOA Appliances
• “What’s New in WebSphere DataPower v3.6.1″
• WB552: Random DataPower Thoughts Part 12
• Build an RSS aggregator using IBM WebSphere DataPower SOA Appliances multistep

A few weeks ago, I discussed an issue where a profile could no longer be created on WebSphere Application Server 6.1.0.19. It boiled down to an issue with the Java security policy files and thier ‘restricted’ and ‘unrestricted’ flavours. At the time, I thought that WebSphere actually required the unrestricted versions.

To test my theory I created my own 6.1.0.19 server and created a profile. It worked just fine without installing the unrestricted policy files.  This means that my issue is that my environment is actually telling WebSphere (some-how) to use encryption algorithims used in the unrestricted jar. I’m still trying to figure out what part of my environment setup is doing this, but I thought it would be a service to the internet to document where I’m at currently.

IBM Documentation on the subject

Related Posts

• Profile Creation on WebSphere Application Server 6.1.0.19 Fails with Certificate Error
• IBM APAR PK49507: PROFILE RECREATION Required!
• WebSphere 6.1 and Jakarta Commons Logging (JCL) using Log4J in an EJB
• Still Springing Along
• Connecting to Oracle BPEL hosted on WebSphere Application Server 6.1 with JDeveloper

We installted WebSphere Application Server 6.1.0.19 and recieved the following error when creating a profile:

Caused by: java.lang.SecurityException: Cannot
set up certs for trusted CAs
 at javax.crypto.b.clinit(Unknown Source)
 at java.lang.J9VMInternals.initializeImpl(Native Method)
 at java.lang.J9VMInternals.initialize(J9VMInternals.java:194)
 ... 63 more
Caused by: java.lang.SecurityException: Jurisdiction policy
files are  not signed by trusted signers!
 at javax.crypto.b.a(Unknown Source)
 at javax.crypto.b.a(Unknown Source)
 at javax.crypto.b.access$600(Unknown Source)
 at javax.crypto.b$0.run(Unknown Source)
 at
java.security.AccessController.doPrivileged
(AccessController.java:246)

The ‘Jurisdiction Policy Files’ are the cryptographic jars found in the security directory of your Java Runtime Environment. They control what encryption algorithms are allowed in your country based on U.S. Export policy. Usually what you need to do is grab the unrestricted ones from the IBM Java website and then overwrite the ‘resticted (less functional)’ ones after server installation but before profile creation.

I dug a little deeper into the issue and found that in 6.1.0.19, the IBM Restricted/Unrestricted cryptographic export jars were updated. I hear that it had something to do with the signing of the jars expiring since they’ve been around so long. So if you stick with restricted the ones that are included in the 6.1.0.19 fixpack, you’ll find that you are unable to create a profile successfully.

The fix is to go and overwrite those restricted jars with the unrestricted copies provided by IBM. Hopefully they’ll get packaged into an official ifix pack or something.

* I do wonder though if we’ve run into this error because we didn’t apply a server JDK fixpack to the server or something along those lines, but this is mere speculation. Maybe one of my more experienced colleagues will install a server and tell me that they didn’t get this error.

Related Posts

• Follow up to Profile Creation Fails on WebSphere 6.1.0.19: Java Juristiction Policy Files
• IBM APAR PK49507: PROFILE RECREATION Required!
• WebSphere Admin Console SRVE0190E: FileNotFound Errors when clicking certain hyperlinks
• javax.xml.bind.JAXBException: Unable to locate jaxb.properties for package {0}
• DB2 SQL Error: SQLCODE: -104, SQLSTATE: 42601, SQLERRMC: INSERT INTO TABLE VALUES (?,?,?);BEGIN-OF-STATEMENT;

We had this error code occuring during execution of an SQL statement in a J2EE application to DB2 in WebSphere.

A google search turned up a thin number of documents that hinted the problem was due to a malformed SQL Query. Looking at the code, everything looked ok. Connections were closed in the correct spots, the statement was being executed.

More interestingly, it was reported that this exception occurred on the SECOND invocation of the code. Usually, when something works once and then fails a second time in a piece of WebSphere that is heavily used like connecting to JDBC providers, I suspect the custom code before I point a finger at the platform.

When I looked at the code, I noticed:

String sqlString = ""
For (condition) {
sqlString.append("INSERT INTO...");
}

Basically, the developer had missed re-initializing the value of the string over subsequent iterations of the loop. The second time through the loop the SQL string would look like:

INSERT INTO .... ?,);INSERT INTO .... VALUES...?);

What annoys me is that rather than DB2 telling me simply “Hey, you’ve got two SQL statements chained together and that’s invalid”, it gives me an error code that relates to nothing. It has corrupted the problem from the developers problem domain to the DB2 problem domain. The developer would instantly recognize two SQL statements being chained together. The developer will never understand that SQLCODE -104, SQLSTATE 42601 means anything.

I’d love to see a new IBM policy of presenting exceptions in the domain of the user rather than the domain of the product developer.

Related Posts

• Oracle XA_RMERR & Spring Oracle LOB Handler Exceptions
• WebSphere Application Server: Non-Deterministic Error when configuring Default Messaging Activation Specs
• IBM Client Application For JMS - Put JMS messages in queues
• Still Springing Along
• WebSphere Admin Console SRVE0190E: FileNotFound Errors when clicking certain hyperlinks

From DeveloperWorks, Using Spring and Hibernate with WebSphere Application Server

If you're considering using Spring or Hibernate with IBM WebSphere Application Server, this article explains how to configure these frameworks for various scenarios with WebSphere Application Server. This article is not an exhaustive review of either framework, but a critical reference to help you successfully implement such scenarios. (Updated for Spring Framework 2.5 and WebSphere Application Server V7.) (IBM WebSphere Developer Technical Journal)

Related Posts

• WebSphere Application Server and The Spring Framework
• Still Springing Along
• Adding pre-built JAR files to your EAR in Rational Application Developer
• Do not use forward slashes in SIBus Destination names with JMS
• System administration for WebSphere Application Server V7: Part 1 — An overview of administrative enhancements

When defining the usage of an authentication alias in a resource in the administration console of WebSphere Application Server, there are two places the data can be specified:

1. Component Managed Authentication
2. Container Managed Authentication

Component Managed Authentication is used when the resource configured in the EJB’s deployment descriptor res-auth property is set to ‘Application’.

Container Managed Authentication is used when the resource configured in the EJB’s deployment descriptor res-auth property is set to ‘Container’.

The WebSphere v6 Administration Console notes that Container managed is deprecated and that component should be used.

EDIT #1: Thanks to David Currie for pointing out that it’s actually the specification of the authentication alias directly in the resource that is deprecated.

You should verify the res-auth setting of your jndi resources if you find that you configured an authentication aliasbut recieve an exception about null username at runtime.

Related Posts

• WebSphere 6.1 and Jakarta Commons Logging (JCL) using Log4J in an EJB
• IBM APAR PK49507: PROFILE RECREATION Required!
• WebSphere Application Server: Non-Deterministic Error when configuring Default Messaging Activation Specs
• System administration for WebSphere Application Server V7: Part 1 — An overview of administrative enhancements
• Adding pre-built JAR files to your EAR in Rational Application Developer

Should you find that you have some links in your WebSphere Administration console that generate an error in the following format:

com.ibm.ws.webcontainer.webapp.WebAppErrorReport:
SRVE0190E: File not found: /xxxxxxxxxxx.content.main
at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendError(WebAppDispatcherContext.java)
at com.ibm.ws.webcontainer.srt.SRTServletResponse.sendError(SRTServletResponse.java)
at com.ibm.ws.webcontainer.servlet.FilterProxyServlet.dispatch(FilterProxyServlet.java)
at com.ibm.ws.webcontainer.servlet.FilterProxyServlet.service(FilterProxyServlet.java)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java(Compiled Code))
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java(Compiled Code))
t com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java(Compiled Code))
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java(Compiled Code))
at com.ibm.wsspi.webcontainer.extension.WebExtensionProcessor.invokeFilters(WebExtensionProcessor.java)
at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor.handleRequest(DefaultExtensionProcessor.java)

It appears that the admin console couldn’t find the servlet that should be used to display the page.

You likely have a corrupted Admin console registry. You can run

iscdeploy -restore

from the ‘bin’ directory of the profile in question. This will cause WebSphere Application Server to reinstall the admin console.

The relevant information from an IBM technote can be found here.

Related Posts

• WebSphere Adapter for JDBC Export - ‘InvalidVerbException’
• WebSphere Adapter for JDBC: SetObjectKeys NullPointer Exception
• The WebSphere Exception Trace: Deconstructed
• Make SOA real with IBM WebSphere Enterprise Service Bus and IBM WebSphere DataPower SOA Appliances
• WebSphere Process Server’s default log size: Very Small

From DeveloperWorks, What's new in WebSphere Application Server V7

IBM WebSphere Application Server V7 has powerful new features and dramatic enhancements to help you achieve heightened productivity, stronger security, tighter integration, and simplified administration. Find out about some of the new key features that enable this new release to provide a flexible and reliable foundation for your service-oriented architecture.

Related Posts

• System administration for WebSphere Application Server V7: Part 1 — An overview of administrative enhancements
• What’s new in WebSphere Process Server V6.1.2
• What’s new in IBM WebSphere Enterprise Service Bus V6.1
• What’s new in WebSphere Integration Developer V6.1.2
• WebSphere Application Server: Component vs Container Managed Authentication Alias

The WebSphere Community Blog pointed out that there is a new WebSphere Application Server 7.0 Feature Pack available for download. This one will enable the Tuscany implementation of SCA inside the WebSphere Container.

It should be noted that this version of SCA is not the same one included in WebSphere Process Server. I would just assume that you can’t call a WPS 6.1 SCA Export from a WAS 7.0 SCA Import.

Related Posts

• Introducting the SCA HTTP Binding
• Exploring The Contents of a WID Module Project
• Versioning business processes and human tasks in WebSphere Process Server
• SCA, BPEL, Websphere Adapter for JDBC and Transactionality
• Oracle SOA Suite 11g - Hello Competition!

Was getting the following oracle exception when trying to use an Oracle XA datasource from WebSphere:

WSRdbXaResour E
 DSRA0304E:  XAException occurred. XAException
contents and details are:
The XA Error is            : -3
The XA Error message is    : A resource
manager error has occured in the transaction branch.
The Oracle Error code is   : 65535
The Oracle Error message is: Internal XA Error
The cause is               : null.
[8/13/08 14:22:50:777 EDT] 00000066 WSRdbXaResour E
DSRA0302E:  XAException occurred.
Error code is: XAER_RMERR (-3).
Exception is: <null>

This led me to the standard “Oracle is not configured to support XA”. Alas, the admin ran the scripts and we continued to get it.

We were also getting

OracleLobHand E org.springframework.jdbc.support.lob.OracleLobHandler
$OracleLobCreator close Could not free Oracle LOB
java.sql.SQLException: Protocol violation

Then the version of the jdbc driver caught my eye:

InternalOracl I   DSRA8205I: JDBC driver name  : Oracle JDBC driver
InternalOracl I   DSRA8206I: JDBC driver version  : 9.2.0.1.0
InternalOracl I   DSRA8212I: DataStoreHelper name is:
com.ibm.websphere.rsadapter.Oracle10gDataStoreHelper@218a218a.
WSRdbDataSour I   DSRA8208I: JDBC driver type  : ""

Notice that a very old 9i driver was in use connecting to our 10g database. I upgraded the driver to 10.2.0.3 and the problem was resolved.

Related Posts

• Spring: ClassPathXmlApplicationContext File Lookup / Database Exceptions
• DB2 SQL Error: SQLCODE: -104, SQLSTATE: 42601, SQLERRMC: INSERT INTO TABLE VALUES (?,?,?);BEGIN-OF-STATEMENT;
• Still Springing Along
• Oracle DBMS_CRYPTO Encryption
• Integrating Oracle BPEL with an HTTP (REST) Service

Before I could do any of the steps below to invoke a REST service or install my BPEL suitcase, I needed to figure out how to connect JDeveloper to my application server. It’s not an obvious procedure.

1. In JDeveloper, flip to the connections view.
2. Create a new Application Server Configuration.
   1. Choose to create a Standalone OC4J 10g 10.1.3 Connection Type
   2. Enter your username and password to connect to the application server
   3. Enter the hostname
   4. For RMI Port, I had to use the port defined for ‘WC_defaulthost ‘ which was 9080. This part I don’t understand. I would have thought that 2809 was correct but it didn’t work. Take this step with a grain of salt.
   5. Click Test Connection. You should get back a warning that ORMI couldn’t be contacted. That’s ok, you can ignore it.
3. Create a new Integration Server.
   1. Use the Application Server connection created above.
   2. Click Test Connection.
   3. Obtain the following result:
      “Application Server: FAILED
      BPEL Process Manager Server: OK
      ESB Server: FAILED”

You now have a connection to the Oracle BPEL contained inside of WebSphere. You can now right click your BPEL project and choose “Deploy” to install the app on the server.

Related Posts

• Oracle BPEL ‘Suitcase’ JAR Deployment Options
• IBM Client Application For JMS - Put JMS messages in queues
• WebSphere Application Server and The Spring Framework
• WebSphere Application Server: Non-Deterministic Error when configuring Default Messaging Activation Specs
• IBM Software Support Lifecycle - General Availability, End Of Marketing, End of Support Dates

I had the need to be able to place a JMS Message onto a Service Integration Bus Queue. I tried to use the SIBus Explorer, but it really didn’t like my WebSphere v6.1 configuration and would always throw an exception.

I then checked out the IBM Client Application Tool for JMS pointed out to me by David Currie a few months ago. It’s actually really awesome. It does require an application server in order to reference jars that are required for the classpath, but if you have an install somewhere, this is a tool you will like.

Basically, you can connect to any remote WebSphere server and use JNDI to lookup JMS resources and create JMS messages. For my remote server the provider url is of the form:

corbaloc:iiop:<hostname>:<Server Bootstrap Port>

corbaloc:iiop:danhost:2809

There is one caveat: If you are looking up a connection factory on a remote machine, then the JMS connection factory will need to have it’s Provider Endpoint configured. By default, this value is blank which stands for ‘localhost’. If ‘localhost’ doesn’t host your bus then you will get connection errors. It follows the standard:

<host_name>:<SIBus Bootsctrap messaging port>:BootstrapBasicMessaging

danhost:7276:BootstrapBasicMessaging

Once you have set that up in the connection factory, restart your server and now the IBM Client for JMS will connect to the given connection factory. You can then connect to a queue and start putting messages on remote destinations.

Related Posts

• Default Messaging (SIBus): Modifying JMS ConnectionFactory Provider Endpoints requires a server restart
• SIBus Explorer
• Web services with SOAP/JMS in IBM WebSphere Process Server
• Do not use forward slashes in SIBus Destination names with JMS
• Connecting to Oracle BPEL hosted on WebSphere Application Server 6.1 with JDeveloper

Just a quick tip, if you need to modify a JMS ConnectionFactory’s Provider Endpoints in WebSphere Application Server, be sure to re-start your server. You normally need to perform this task when you are outside the application server hosting the queue and performing remote JNDI lookups.

I modified the value but always got the error that ‘localhost:7276:BootstrapBasicMessaging’ could not be found. Once I restarted the server, then my lookup used the proper endpoint of my remote server and everything was fine.

Related Posts

• IBM Client Application For JMS - Put JMS messages in queues
• WebSphere Application Server: Non-Deterministic Error when configuring Default Messaging Activation Specs
• Do not use forward slashes in SIBus Destination names with JMS
• Still Springing Along
• DB2 SQL Error: SQLCODE: -104, SQLSTATE: 42601, SQLERRMC: INSERT INTO TABLE VALUES (?,?,?);BEGIN-OF-STATEMENT;

In a case of something I have never seen before, it appears that PK49507: THE SIBUS RESOURCE ADAPATER WILL NOW INDICATE THAT AN MDB SHOULD BE STOPPED IF A CERTAIN NUMBER OF FAILURES ARE HIT actually requires you to recreate your entire server profile from scratch! It contains the statement:

This property will only be available for new activation
specifications in profiles created after this APAR has been
applied.

This makes the fix completely useless to anyone who actually uses a WebSphere server. The functionality? It adds a new property called ‘maxSequentialMessageFailure’ so that MDBs who use activation specs aren’t also completely useless in the rollback scenario.

All I want is to have this fix so that WebSphere can issue a ‘CWSIV0605W’ message which we can listen for to turn off the delivery of messages to the endpoint. If you can’t turn off the processing, then you have to deal with creating dead letter queues and have a process for putting message back on the queue when they are non-poison. This scenario is discussed further on Bobby Woolf’s Wiki.

I’ve never seen IBM release something called an ‘ifix’ that required you to create a completely new profile. I’m hoping that this is a misinterpretation from the support team. Unfortunately, I have verified with my two eyes that a server who has a preexisting profile and then upgraded does not see it.

Related Posts

• Follow up to Profile Creation Fails on WebSphere 6.1.0.19: Java Juristiction Policy Files
• Profile Creation on WebSphere Application Server 6.1.0.19 Fails with Certificate Error
• IBM Client Application For JMS - Put JMS messages in queues
• WebSphere Application Server: Non-Deterministic Error when configuring Default Messaging Activation Specs
• javax.xml.bind.JAXBException: Unable to locate jaxb.properties for package {0}