Welcome to WebSphere-World!

     Main Menu
· Home
· Topics
· Downloads
· Forums
· Submit News
· Top 10

     Other Modules
· Sign In / Your Account
· Members List
· Statistics
· Feedback
· Need a break? [Games]
· About this site / FAQs

     Who's Online
There are currently, 94 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here

     User's Login
Nickname

Password

Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

     GameHighScores
 Web Services and EJB support in WAS8 Liberty Profile

IBMYou can try out JAX-WS and EJB support now in WAS 8.5 Liberty Profile (in Alpha) now on wasdev.  WAS 8.5 Liberty Profile is a special lightweight version of WAS for developers.  Fast cycle time and file-based config.

Posted by billylo on Wednesday, November 14 @ 06:05:04 EST (1001 reads)
 (comments? | Score: 0)

 Free training on IBM Worklight - Mobile Development

EducationMobile foundation platform is the hotest topic around IBM.  You can pick up Worklight Developer Edition for free here and follow this training to get the essential skills.  It's a 2-day course that goes into a fair amount of depth (such as authentication, push notification, globalization and offline encrypted storage.)  Very handy.

Posted by billylo on Monday, September 17 @ 20:23:36 EDT (1264 reads)
 (comments? | Score: 0)

 MQSeries.net is now available on Linkedin

WebSphere MQAnonymous writes "for those of you who are on Linkedin , this may be worth a consideration to join

http://www.linkedin.com/groups?mostPopular=&gid=3872813"

Posted by billylo on Sunday, June 10 @ 09:42:21 EDT (1269 reads)
 (comments? | Score: 0)

 New: MQ Visual Edit v1.5.5

WebSphere MQRogerLacroix writes "Capitalware Inc. would like to announce the official release of MQ Visual Edit v1.5.5.  This is a FREE upgrade for ALL licensed users of MQ Visual Edit."

Posted by billylo on Sunday, June 10 @ 09:41:20 EDT (1492 reads)
 (Read More... | 920 bytes more | comments? | Score: 0)

 Inbound and Outbound SSL communications

IBMAnonymous writes "This article is an overview of the general concepts of inbound and outbound SSL configurations for WebSphere Application Server. It applies to the recommended approach by IBM to use IHS for inbound SSL and to configure the appropriate scopes key and trust stores.
Read it through, it reads great, but there is a more to it than meets the eye. After reading the Inbound communications and Outbound communications please read through my comments after to get an idea of the type of level my training material covers.
BEGIN: Excerpt from IBM Information Centre


Inbound communications


Most Web applications transmit sensitive data, for example, a user name and password during login or personal data during the interaction with the application. To make this data safe during transfer, we use SSL. In the WebSphere environment, we recommend that you access application


servers through a Web server, for example, IBM HTTP Server (IHS). If client certificate authentication is not required, perform the following steps to configure SSL communication:


1.  Configure the Web server for SSL


1.  Create the key database file and certificates required for the Web server to participate in an SSL connection. The certificate must be signed by a well known CA.


2.  Enable the directives in the Web server configuration for SSL, pointing to the new key database. This step allows SSL connections to be established between Web browsers and the Web server.


2.  Configure the HTTP Plug-in for SSL


1.  Add the Web server definition to WebSphere (which is usually done as a part of the HTTP plug-in configuration process).When a Web server definition is created, it is associated with a keystore that contains all of the signers for the cell and the chained certificate for the Web server node.


2.  Copy the Web server keystore and stash files for the plug-in to the Web server plug-in location.


If client certificate authentication is required, configuration is more complex. In addition to the previous steps, you have to configure the Web server to require client certificates and configure mutual trust between the plug-in and the application server.


Outbound communications


Applications might need to communicate with external services. These external services usually require encryption and often certificate authentication also. We recommend that you create separate SSL configurations for each external service to provide flexibility and isolation. Depending on your requirements, the number of external services, and the topology, you can select a specific SSL configuration selection method.


The following steps describe how to prepare SSL configuration for external


service:


1.  Create a keystore at the appropriate scope. Choose a scope that will allow access to the keystore for all servers that have to connect to the external service.


2.  Obtain the certificate from the external service server.


3.  Import the certificate into the keystore as a signer certificate.


4.  If client certificate authentication is required:


1.  If the service provider provides you with a client certificate, import it as a personal certificate into the keystore.


2.  Otherwise:


1.  Generate a new self-signed personal certificate or chained certificate.


2.  Extract the public part of the certificate or root signer certificate.


3.  Send the extracted certificate to the service provider where it must be


            added as a trusted certificate to allow a connection to be established.


1.  Create a new SSL configuration at the same scope. Select the new keystore as both the keystore and the truststore.


2.  Ensure that the SSL configuration will be used.


END: Excerpt from IBM Information Centre


How to implement the above.


Nice description above, but how do we do all this?


·     What about the scenario when you do not want IBM HTTP Server for inbound SSL and you want to access WAS directly via SSL?
·     Maybe you want WAS to communicate to a service hosted in another technology and you need WAS to be the client?
·     Maybe you do not want WAS to present the default self –signed certificate in this type of conversation. Instead present singed certs from one of your companies root certificates?
IHS (IBM HTTP Server) SSL configuration is covered in my SSL module part 1.
You can purchase this module from www.themiddlewareshop.com

My SSL module Part2 discusses the correct configuration to allow a client service to connect to WebSphere Application Server directly using SSL and vice versa.
You can purchase this module from www.themiddlewareshop.com

"

Posted by billylo on Sunday, June 10 @ 09:40:01 EDT (2109 reads)
 (comments? | Score: 0)

 IBM WebSphere Application Server V8.5 Beta (including the Liberty profile)

AnnouncementsAnonymous writes "https://www14.software.ibm.com/iwm/web/cc/earlyprograms/websphere/wasv8na/"

Posted by billylo on Sunday, June 10 @ 09:39:33 EDT (3389 reads)
 (comments? | Score: 0)

 WebSphere / DataPower SSL interoperability

Security
Use case:  DataPower XI52 Web Services Proxy acting as web services provider endpoint (https)
web services client was running on WebSphere AppServer 7.0

We kept getting javax.net.ssl.SSLKeyException after we switched to use SSL on DataPower.  It turns out that the IBM JDK does not like SSL that uses large key size 4096-bits on the DataPower side.  See this link for some more details.

The solution is to use the unrestricted JCE policy files (downloaded from here.)  Or go back to 1024-bits.

This one took me a couple of days to figure out.  So, I figured you may find it useful too.

Posted by billylo on Sunday, June 03 @ 10:44:07 EDT (1268 reads)
 (comments? | Score: 0)

 Tracking CPU consumption programmatically in zWAS

PerformanceThis API is very handy if you need to figure out which part of your code is consuming MIPS on zWAS.  WebSphere on zOS has special API [pdf] to retrieve that information.  

Posted by billylo on Thursday, May 10 @ 09:40:09 EDT (1589 reads)
 (comments? | Score: 0)

 WebSphere Insights digital magazine

AnnouncementsA new digital magazine known as WebSphere Insights is now available (free).  

Posted by billylo on Tuesday, May 08 @ 13:39:37 EDT (1336 reads)
 (comments? | Score: 0)

 IMPACT highlights

IBMJust returned from IMPACT this year.  About 9000 people attended this year.  A ton of new announcements around the WebSphere platform; especially capabilities to support mobile.  A couple of highlights for you:

  1. WAS 8.5 - This is not a small 0.5 release by any measure.  All of the HA features in WebSphere Virtual Enterprise (e.g. on-demand router, application versioning support, dynamic clusters) are now folded into WAS ND 8.5; as well as the WebSphere Batch framework (Compute Grid.)  A lot of new HA features for administrators and the new Liberty Profile for Developers (lightweight, fast starting J2EE container).
  2. IBM Mobile Foundation - includes Worklight for mobile development and Mobile Endpoint Management
  3. BPM 8.0 - new Web 2.0 style UIs, iPhone and iPad support, 
  4. DataPower Firmware 5 - OAuth Support, use of AO in XG45, extended memory access 96 Gb on XI52
  5. CastIron Live Web API Management - Developer Portal, Integration on the cloud, metering, etc
My own session ("Top 10 SOA Best Practices to support innovations in mobile and analytics") went well.  You can download my slides here too.

More on WAS 8.5 a little later.

Cheers.  Billy.

Posted by billylo on Tuesday, May 08 @ 10:16:00 EDT (1742 reads)
 (comments? | Score: 0)

 WebSphere JAX-WS web services troubleshooting

Web servicesThe first thing is usually to enable the message trace (traceSpec=com.ibm.ws.websvcs.trace.*=all) so that you can inspect the request/responses in the trace file.

For more specific items, see this JAX-WS troubleshooting article from Phil Adams.

Posted by billylo on Friday, March 16 @ 08:57:36 EDT (1676 reads)
 (comments? | Score: 0)

 DataPower XC10 caching appliance as a side cache for XI52

PerformanceXC10 is a generic caching appliance that provides external caches to Java apps (e.g. as an external cache provider for WebSphere dynacache) and non-Java caching (e.g. as a cache for XI52 integration appliance.)

Charles Le Vay and his team provided an introduction here.

Posted by billylo on Monday, March 12 @ 05:37:07 EDT (1513 reads)
 (comments? | Score: 0)

 DMZ Proxy Server that comes with WebSphere AppServer

SecurityOne of the little known features in WAS 6.0 and above is called WebSphere Proxy Server that comes with WAS.  In fact, there are three different types of them:  WebSphere Proxy Server, DMZ Secured Proxy and Edge Component Caching Proxy.  (in addition to the HTTP server plug-in:  which is also another kind of proxy.)

This article describes the details of the first type (WebSphere Proxy Server).  If you are curious about how WebSphere Proxy Server is different from HTTP server plugins, check out this comparison.)

WebSphere Proxy Server is basically a caching reverse proxy that understands the WAS topology, interacts with Dmgr and can cache dynamic content (e.g. servlet outputs) as well as static content.  It can be managed from the WAS admin console and JMX.

Posted by billylo on Monday, March 12 @ 05:22:50 EDT (3281 reads)
 (comments? | Score: 0)

 Happy holidays for all WebSpherians

AnnouncementsWish all of you a happy holidays and prosperous new year!  Billy.

Posted by billylo on Sunday, December 25 @ 07:23:43 EST (1179 reads)
 (comments? | Score: 0)

 Administer your WebSphere servers from Andriod phones

InfrastructureCheck out this tool called WASdroid.   Mobile admin client for simple things in WAS.  Cool and Free.

Posted by billylo on Tuesday, October 11 @ 11:23:51 EDT (1822 reads)
 (comments? | Score: 0)


     Search Box



     Related Sites
News for WebSpherians

RSS Data Feed

WeDoWebSphere.de

WebSphere.org

WebSphere Help, Tips and Tricks Blog

WebSphere Community Blog



     Links
IBM WAS Support FAQs

WebSphere e-Fixes FTP






WebSphere is a registered trademark of International Business Machines Corporation in the United States or other countries or both.
Please note that this site is a user-driven community site. It is not operated by IBM. Information is provided on an as-is basis and it may or may not be supported by IBM.

PHP-Nuke Copyright © 2005 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.22 Seconds