Monday, March 15, 2010

wsadmin thin client

https://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/txml_adminclient.html

IBM websphere 6.1 document mentions thin WSAdmin thin client.

I had some trouble to get this thing running

This is what I did - starting from WAS 6.1.0.27 installation

1) Created dir - C:\IBM\wsadmin61
2) Copy com.ibm.ws.admin.client_6.1.0.jar
3) Copy com.ibm.ws.security.crypto_6.1.0.jar
4) create properties dir and copy - soap.client.props,ssl.client.props and wsadmin.properties (sas.client.props not needed if you are using soap)
5) IBM says you have to use IBM jdk. I have Java 5 IBM JDK that came with WAS CE installation.
However I found that java.security file uses PKIX as trust manager and ssl.client.props that mentions com.ibm.ssl.trustManager=IbmX509 is not honored.
(IBM, what cool aid were you drinking when you wrote this documentation/implementation?)

ssl.KeyManagerFactory.algorithm=IbmX509
ssl.TrustManagerFactory.algorithm=IbmX509

Add these 2 lines

ssl.SocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLSocketFactory
ssl.ServerSocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLServerSocketFactory


6) created scripts directory, and copied
LTPA_LDAPSecurityProcs.jacl
LTPA_LDAPSecurityProcs.py
securityProcs.jacl
securityProcs.py

7) went through all properties files once again, and checked for paths
in thin client, you can no longer have paths containing ${was.install.root} so beware

e.g.
user.root=C:\IBM\wsadmin61
com.ibm.ssl.keyStore=etc/key.p12
com.ibm.ssl.trustStore=etc/trust.p12
com.ibm.ws.scripting.traceFile=logs/wsadmin.traceout
com.ibm.ws.scripting.validationOutput=logs/wsadmin.valout
com.ibm.ws.scripting.profiles=scripts/securityProcs.jacl;scripts/LTPA_LDAPSecurityProcs.jacl
com.ibm.ws.scripting.tempdir=temp


also notice
com.ibm.ws.scripting.connectionType=SOAP


8) you dont have to copy key.p12 and trust.p12 but you can copy them if you want to


9) you can uncomment this if you need full trace (and dont overwrite it!)

com.ibm.ws.scripting.traceString=com.ibm.*=all=enabled
com.ibm.ws.scripting.appendTrace=true

10)
My wsadmin.bat looks like this

cls

@setlocal

set WAS_HOME=c:\ibm\wsadmin61
set USER_INSTALL_ROOT=%WAS_HOME%
set JAVA_HOME=C:\Apps\IBM\Java50

@REM C_PATH is the class path. Add to it as needed.
set C_PATH=%WAS_HOME%\com.ibm.ws.admin.client_6.1.0.jar;%WAS_HOME%\com.ibm.ws.security.crypto_6.1.0.jar
set SOAPURL=-Dcom.ibm.SOAP.ConfigURL=file:%WAS_HOME%\properties\soap.client.props
set CLIENTSSL=-Dcom.ibm.SSL.ConfigURL=file:%WAS_HOME%\properties\ssl.client.props


if exist %JAVA_HOME%\bin\java.exe (
set JAVA_EXE=%JAVA_HOME%\bin\java
) else (
set JAVA_EXE=%JAVA_HOME%\jre\bin\java
)

%JAVA_EXE% -classpath "%C_PATH%" -Duser.install.root=%USER_INSTALL_ROOT% %CLIENTSSL% %SOAPURL% com.ibm.ws.scripting.WasxShell %*

@endlocal


FYI

These gave me an idea that there is something wrong with java.security file
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg1PK52557
http://paulszulc.wordpress.com/2009/08/05/headache-pill-unable-to-find-valid-certification-path-to-requested-target/
http://www.ibm.com/developerworks/forums/thread.jspa?messageID=14412173


This is guy is using it with WAS 7.0 and latest jython
http://myarch.com/wsadmin-thin-client

No comments:

Post a Comment

Post a Comment