https://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/txml_adminclient.html
IBM websphere 6.1 document mentions thin WSAdmin thin client.
I had some trouble to get this thing running
This is what I did - starting from WAS 6.1.0.27 installation
1) Created dir - C:\IBM\wsadmin61
2) Copy com.ibm.ws.admin.client_6.1.0.jar
3) Copy com.ibm.ws.security.crypto_6.1.0.jar
4) create properties dir and copy - soap.client.props,ssl.client.props and wsadmin.properties (sas.client.props not needed if you are using soap)
5) IBM says you have to use IBM jdk. I have Java 5 IBM JDK that came with WAS CE installation.
However I found that java.security file uses PKIX as trust manager and ssl.client.props that mentions com.ibm.ssl.trustManager=IbmX509 is not honored.
(IBM, what cool aid were you drinking when you wrote this documentation/implementation?)
ssl.KeyManagerFactory.algorithm=IbmX509
ssl.TrustManagerFactory.algorithm=IbmX509
Add these 2 lines
ssl.SocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLSocketFactory
ssl.ServerSocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLServerSocketFactory
6) created scripts directory, and copied
LTPA_LDAPSecurityProcs.jacl
LTPA_LDAPSecurityProcs.py
securityProcs.jacl
securityProcs.py
7) went through all properties files once again, and checked for paths
in thin client, you can no longer have paths containing ${was.install.root} so beware
e.g.
user.root=C:\IBM\wsadmin61
com.ibm.ssl.keyStore=etc/key.p12
com.ibm.ssl.trustStore=etc/trust.p12
com.ibm.ws.scripting.traceFile=logs/wsadmin.traceout
com.ibm.ws.scripting.validationOutput=logs/wsadmin.valout
com.ibm.ws.scripting.profiles=scripts/securityProcs.jacl;scripts/LTPA_LDAPSecurityProcs.jacl
com.ibm.ws.scripting.tempdir=temp
also notice
com.ibm.ws.scripting.connectionType=SOAP
8) you dont have to copy key.p12 and trust.p12 but you can copy them if you want to
9) you can uncomment this if you need full trace (and dont overwrite it!)
com.ibm.ws.scripting.traceString=com.ibm.*=all=enabled
com.ibm.ws.scripting.appendTrace=true
10)
My wsadmin.bat looks like this
cls
@setlocal
set WAS_HOME=c:\ibm\wsadmin61
set USER_INSTALL_ROOT=%WAS_HOME%
set JAVA_HOME=C:\Apps\IBM\Java50
@REM C_PATH is the class path. Add to it as needed.
set C_PATH=%WAS_HOME%\com.ibm.ws.admin.client_6.1.0.jar;%WAS_HOME%\com.ibm.ws.security.crypto_6.1.0.jar
set SOAPURL=-Dcom.ibm.SOAP.ConfigURL=file:%WAS_HOME%\properties\soap.client.props
set CLIENTSSL=-Dcom.ibm.SSL.ConfigURL=file:%WAS_HOME%\properties\ssl.client.props
if exist %JAVA_HOME%\bin\java.exe (
set JAVA_EXE=%JAVA_HOME%\bin\java
) else (
set JAVA_EXE=%JAVA_HOME%\jre\bin\java
)
%JAVA_EXE% -classpath "%C_PATH%" -Duser.install.root=%USER_INSTALL_ROOT% %CLIENTSSL% %SOAPURL% com.ibm.ws.scripting.WasxShell %*
@endlocal
FYI
These gave me an idea that there is something wrong with java.security file
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg1PK52557
http://paulszulc.wordpress.com/2009/08/05/headache-pill-unable-to-find-valid-certification-path-to-requested-target/
http://www.ibm.com/developerworks/forums/thread.jspa?messageID=14412173
This is guy is using it with WAS 7.0 and latest jython
http://myarch.com/wsadmin-thin-client
Monday, March 15, 2010
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment