What is WS-Security (Web Services)? (15 of 285 technotes for 2015)

What is WS Security?

WS-Security addresses how to maintain a secure context over a multi-point message path.

• Secure services beyond SSL over HTTP (HTTPS) (see http://bit.ly/1afA8Kg for more info)
• SOAP header extensions for end-to-end SOAP messaging security 
• Uses
• XML Signature & Encryption - ways to encrypt and sign contents of XML message
• XML Cannonicalization - making XML ready for signing and encrypting
• WS-Security gives a framework to embed the above mentioned technologies into SOAP message - using a transport neutral fashion.

What is SSL (Secure Sockets Layer)? (14 of 285 technotes for 2015)

• SSL is a security protocol for the transport layer.
• A protocol is  guideline to define how an algorithm should be written.
• SSL encrypts the messages between the web server and the browser.

What is nonrepudiation? (120/285 technotes for 2015)

In general, nonrepudiation is the ability to ensure that - a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.

What is nonrepudiation? - Definition from WhatIs.com

Secure Web Services (13 of 285 technotes for 2015)

Why Web Service security is so important nowadays

1. Interaction between communicating partners increasing from Intranet to Internet
2. Communicating partners are more likely to interact with each other without need for establishing business or human relationship first.
3. Program to program communication increases.
4. Large number of interactions.

Most common way of Interaction - SSL (Secure Socket Layer) used with HTTP i.e. HTTPS.

Tumblr is not what you think

I was wondering why tumblr search is so bad and primitive. May be this is a correct answer to that

• A large percentage of Tumblr users actually don’t WANT an audience. They do not want to be found, except by a few close friends who they explicitly share one of their tumblogs with. Therefore Tumblr’s notoriously weak search functionality is A-OK with most of its user base.
  
• Tumblr is actually Facebook 2.0! As Facebook has become a real-life social network infested with parents, co-workers, ex-friends, and people you barely know, Tumblr has become the place where young people express themselves and their ACTUAL INTERESTS with their ACTUAL FRIENDS. 

Tumblr is not what you think

How to modify Messaging Engine Policy in Websphere? (12 of 285 technotes for 2015)

Messaging Engine Policy Assistance

To use this feature you:

1. Select Service Integration -> Buses in the Admin Console navigation
2. Click the link of the bus which you want to configure a messaging engine policy for.
3. Click on Bus Members in the properties for the bus (This is where it is a little counterintuitive)
4. Click on the link for one of the bus members (This page shows the policy assistance is disabled but you have to go down a level to enable it)
5. Check the box next to the messaging engine for the bus member and click the Enable policy assistance button.
6. Run through the wizard to configure the policy.

Reference: http://ibm.co/1HSeppn

How to change the Default Core Group policy of a Cell in Websphere? (11 or 285 technotes for 2015)

Goto System Administration –> Cell –> Local Topology –> DefaultCoreGroups –> Policy

What are the different deployment topologies in IBM Websphere (10 of 285 technotes for 2015)

IBM Websphere comes with wizards for different topologies.

Different Topologies

Bronze - Single Cluster Topology

• The bronze topology is suitable for a solution that comprises only synchronous web services and synchronous SCA invocations, preferably with short-running flows only.
  
• Java Message Service (JMS), and MQ messaging bindings do not support multiple messaging engines in the same cluster
  

Silver - Remote Messaging

• The silver topology is suitable for a solution that uses long-running processes, but doesn’t need CEI, message sequencing, asynchronous deferred response, JMS or MQ bindings, or message sequencing mechanisms. 
  

Gold - Remote Messaging & Support

• The golden topology is suited for all the remaining cases, in which asynchronous processing plays a significant role in the solution 
  

---

References - http://www.ibm.com/developerworks/websphere/library/techarticles/1008_metzger/1008_metzger.html

http://www-01.ibm.com/support/knowledgecenter/SSQH9M_7.0.0/com.ibm.websphere.wesb.doc/doc/cpln_top_types.html?lang=no

Schema Names of SIB Tables created by Websphere Service Integratoin Bus(9 of 285 technotes for 2015)

The tables created within the CMNDB by the Service Integration Bus Messaging Engines are mentioned below. Whenever there is some issue in the SIB not able to start the Messaging Engine, it is safe to delete all the files that belong to the schema’s below. Generally we do “like ‘CMNS%” and “like ‘CMNC%’” and delete all the tables.

Messaging Engine - has failed to gain an initial lock on the data store (8 of 285 technotes for 2015)

Messaging Engine - is attempting to obtain an exclusive lock on the data store.
Messaging Engine - has failed to gain an initial lock on the data store.

Root Cause - 

An unclean shutdown could left lock owner information down to the database level. so when you bring up the server, it trying to get the same lock, but in the sibowner table, you already had one entry which tell the websphere process server, the lock already have an owner.

Action

Please delete all the tables with schema name like “CMN%” i.e. 

It does not matter how slowly you go as long as you do not stop.

Confucius

Science has proven it: every human being is trained and conditioned to earn a set amount of income. You can retrain your brain to break through that income barrier - would you like to learn how?
Your glass ceiling is created at an early age from your thoughts, fears, beliefs, perceptions, paradigms and internal brain patterns. Ever notice? Your brain patterns affect you at EVERY level of *financial* and life success!

https://www.facebook.com/johnassarafpage/posts/10153200055858658

Update ports of a Websphere Node (7 of 285 technotes for 2015)

Goto the node of the WAS profile and update the serverindex.xml

<WAS_INSTALL>profiles<profile_name>configcells<cell_name>nodes<node_name>

eg:

C:IBMWebSphereAppServerprofilesCustom01configcellsdmgr1Cell01nodesesbNode02

Troubleshooting Elastic Load Balancing: Registering Instances - ElasticLoad Balancing (119/285 technotes for 2015)

When you register an instance with your load balancer, there are a number of steps that are taken before the load balancer can begin to send requests to your instance.

Some of the issues are mentioned below:

• Taking too long to register back end instances
• Unable to register an instance launched from a paid AMI

References:

Troubleshooting Elastic Load Balancing: Registering Instances - Elastic Load Balancing

Getting Started with Elastic Load Balancing - Elastic Load Balancing (118/285 technotes for 2015)

Elastic Load Balancing 

• automatically distributes incoming application traffic across multiple Amazon EC2 instances in the cloud. 
• It enables you to achieve greater levels of fault tolerance in your applications, 
• seamlessly providing the required amount of load balancing capacity needed to distribute application traffic..

• Available
• route traffic - across multiple instances, multiple availability zones
• only healthy servers receives traffic
• Elastic
• scales well
• integrates with auto scaling - back-end capacity to meet varying levels of traffic 
• Secure
• works with VPC - to provide robust - networking and security
• Create a Internal (Non Internet Facing) Load Balancer - route traffic using private IP address using VPC
• Create a multi tired architecture - using Internal and Internet Facing Load Balancer
• Expose only the Internet Facing tier with Public IP address

Use Cases

• Better Fault Tolerance for your applications
• DNS Failover for Elastic Load Balancing
• Auto scaling with Elastic Load Balancing

Configure Custom Domain Name for Your Load Balancer - Elastic LoadBalancing (117/285 technotes for 2015)

1. create a Custom Domain Name (www.example.com) and register it to the DNS service provider.
2. all sub domains (of example.com i.e foo.example.com or sub.foo.example.com) are also reserved.
3. this set of domain and sub domains is called a ZONE
4. the domain name that u reserved is called a ZONE APEX
5. after u register a custom domain name, you have to associate it with the system generated Load Balancer DNS name.

Configure Custom Domain Name for Your Load Balancer - Elastic Load Balancing

Internet-facing and Internal Load Balancers - Elastic Load Balancing (116/285 technotes for 2015)

Internal Load Balancer
1. DNS name will be craeted - contain a private IP address of the load balancer
2. not exposed to the internet
Internet Facing Load Balancer
1. DNS name will be created - with public IP address of the load balancer
Both Cases:
DNS names will be publicly resolvable

Internet-facing and Internal Load Balancers - Elastic Load Balancing

Manage Profile Websphere (6 of 285 technotes for 2015)

<was_root>/bin/manageprofiles.sh -listProfiles

wil list the profiles

e.g

[appsrv01]

to remove the profile type:

<was_root>/bin/manageprofiles.sh -delete -profileName appsrv01

result:

INSTCONFSUCCESS: Success: The profile no longer exists.

Tomcat connector in failed state (5 of 285 technotes for 2015)

While running the basic web application using Spring Boot and embedded Tomcat, I am getting the error Tomcat Connector in failed state. 

The problem is resolved once the default port is changed from 8080 to 8181

java -jar target/gs-serving-web-content-0.1.0.jar –server.port=8181

Solution found from:

http://stackoverflow.com/questions/20735205/launching-spring-application-address-already-in-use

Manually update Datasource in Websphere Application Server(4 of 285 technotes for 2015)

• Open “Resources.xml” file (see below for the locations)
  
• Search for “resources.jdbc:DataSource” and 
  
• Update the “resourceProperties”
  

Clean up Default WESB System Applications. (3 of 285 technotes for 2015)

Several system applications are provided as part of the vanilla installation of WebSphere Enterprise Service Bus (WESB). However, not all of the default system applications are required for every WESB runtime topology. In an effort to reduce the number of ear files in the WESB environment the below 9 applications may be removed without any adverse effect to WESB environment  Eight/Nine of the applications are related to Business Space and one application is a RAL (Remote Artifact Loader) app.  I recently performed this clean up on a WESB 7.5 environment with excellent success.  Please note that if you are using Business Space, or RAL- do not remove these applications.
The following 9 WESB System Application Ears can be removed:
Business Space Applications

1. BPMAdministrationWidgets_esb_env2.AppTarget
2. BSpaceEAR_esb_env2.AppTarget
3. BSpaceForms_esb_env2.AppTarget
4. BSpaceHelp_esb_env2.AppTarget
5. PageBuilder2_esb_env2.AppTarget
6. REST Services Gateway
7. REST Services Gateway Dmgr
8. mm.was_esb_env2.AppTarget
9. wesbWidget_esb_env2.AppTarget
10. RemoteAL61 (Remote Artifact Loader)

DO NOT REMOVE

1. persistentLkMgr- manages event sequencing
2. sca.sib.mediation- provides mediation services (see pg 97 in linked redbook)
3. wpsFEMgr_7.0.0- provides Failed Event Management Services.

Reference - http://jubergconsulting.gowithclick.com/_blog/websphere/post/Clean_up_default_WESB_System_Applications/

What is "persistentLkMgr" Persistent LK Manager in IBM ESB 7.5? (2 of 285 technotes for 2015)

persistentLkMgr is an application that is installed automatically when IBM ESB 7.5 is installed.

This application is used mainly in Event Sequencing. persistentLkMgr application which is responsible for writing the lock entry in the PERSISTENTLOCK DB table.

For more information please read the article.

Eclipse add Tomcat 7 blank server name (1 of 285 technotes for 2015)

1. Close Eclipse
2. In {workspace-directory}/.metadata/.plugins/org.eclipse.core.runtime/.settings delete the following two files:
3. Restart Eclipse

• org.eclipse.wst.server.core.prefs
• org.eclipse.jst.server.tomcat.core.prefs

http://stackoverflow.com/questions/14791843/eclipse-add-tomcat-7-blank-server-name