I wanted to share my experience with getting Slide working
on WebSphere with
Security included.
Thanks to the post on the slide-user list from Lynn Richards
(http://www.mai
l-archive.com/slide-user jakarta.apache.org/msg10690.html).
Sorry this is a long post, but I know I would have found
this level of
detail helpful a couple of days ago - a committer is welcome
to add this to
the wiki?:
http://wiki.apache.org/jakarta-slide/WebSphereSetup.
I've put
detail and background in, so that even if following my
details below don't
help, they may lead you in the right direction.
You will need:
* slide-server-2.1 source code - in order to make
corrections and re-build.
* IBM HTTP Server (IHS) and the Web Server Plugin
SLIDE SOURCE CHANGES - UTF-8
There are a two places (that I could find) in the code where
the content
type is set to "text/xml;
charset=\"UTF-8\"". The WebSphere
servlet
container can't handle the quotes around the encoding. This
needs to be
changed to "text/xml; charset=UTF-8". This works
for Tomcat too, so perhaps
it should be committed in the server source?
1.
jakarta-slide-server-src-2.1\src\webdav\server\org\apac
he\slide\webdav\metho
d\AbstractWebdavMethod.java
128c128
< public static final String TEXT_XML_UTF_8 =
"text/xml;
charset=\"UTF-8\"";
---
> public static final String TEXT_XML_UTF_8 =
"text/xml; charset=UTF-8";
2.
jakarta-slide-server-src-2.1\src\webdav\server\org\apac
he\slide\webdav\util\
DirectoryIndexGenerator.java
145c145
< res.setContentType("text/html;
charset=\"UTF-8\"");
---
> res.setContentType("text/html;
charset=UTF-8");
SLIDE CONFIGURATION
1. / Path "Forbidden"
The issue where all paths appear to be "/" no
matter what path is accessed
on Slide is due to the following code in
jakarta-slide-server-src-2.1-\src\webdav\server\org\apa
che\slide\webdav\util
\WebdavUtils.java and a difference in implementation
between WebSphere and
Tomcat
String result = null;
if (config.isDefaultServlet()) {
result = req.getServletPath();
} else {
result = req.getPathInfo();
}
req.getServletPath() seems to always be "/" in
WebSphere when the WebDAV
servlet is mapped to "/". The solution is to
force slide to use the
getPathInfo() method by turning off the Default Servlet flag
in the web.xml
<param-name>default-servlet</param-name>
<param-value>false</param-value>
2. The EAR file might be corrupt? web.xml validation
When you install a war file on WebSphere the web.xml is
parsed and validated
against the spec. Any discrepancies with the spec will give
you the
un-helpful error that the "EAR file might be
corrupt". Add the detail below
to you opening node in the web.xml and make sure it is valid
according to
the schema (using an editor such as XML Spy) before
including it in the war
file:
<web-app version="2.4" xmlns="http://java.sun.com/x
ml/ns/j2ee"
xsi="http://www.
w3.org/2001/XMLSchema-instance"
schemalocation="http://java.sun.com/x
ml/ns/j2ee
http:
//java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
You'll find that all the <description> nodes are in
the wrong place within
the <init-param> nodes - they should be the first
child rather than the
last.
More importantly is the security-constraint section. To get
authentication,
you must define the constraint for all the possible http
(WebDAV) methods.
The problem is according to the web.xml spec, the only valid
http-method
values are: HEAD, GET, POST, PUT, DELETE, OPTIONS and TRACE.
To have the
other WebDAV methods secure as well, leave the specific
http-method
constraints out. This node is optional and if you don't
specify any, all
Http methods will be secure and this will include the WebDAV
extensions too.
<!-- Uncomment this to get authentication -->
<security-constraint>
<web-resource-collection>
<web-resource-name>DAV
resource</web-resource-name>
<url-pattern>/*</url-pattern>
<!-- comment out the explicit http-method
list
...
-->
</web-resource-collection>
<auth-constraint>
<role-name>SlideAdmin</role-name>
<role-name>User</role-name>
</auth-constraint>
</security-constraint>
WEBSPHERE CONFIGURATION
1. Global Security
How to configure WebSphere with a Custom or LDAP realm is
beyond the scope
of this mail list but with Security turned on, you will need
to either Turn
off "Java 2 Security" or define a policy file
for the slide web-app.
With Java 2 security on, slide will get
AccessControlException(s) when it
tries to check for the existence of things like its
properties file (from
the "java.home" location? See Configuration.java
- it will catch the
exception if the load fails but not if the file.exists()
check is
forbidden).
2. WebServer Integration
It appears that when the WebSphere AppServer handles HTTP
requests it
assumes the same default as the IBM WebServer, namely -
content is only to
be expected and read for POST and PUT requests. This page on
IBM's support
site is old but seems to apply for v6 as well:
http://www-1.ibm.com/support/docview.wss?rs=
180&uid=swg21145705.
To get the WebDAV extensions to HTTP working you need to
configure the IBM
WebServer with the AppServer using IBM's WebServer Plugin.
It's in the
Plugin where you're then able to allow content in all
HTTP/WebDAV requests.
Ie "true" for
* AcceptAllContent *
Specifies whether or not users can include content in POST,
PUT,
GET, and HEAD requests when a Content-Length or
Transfer-encoding header is
contained in the request header. You can specify one of the
following values
for this attribute:
* true if content is to be expected and read for all
requests
* false if content only is only to be expected and read for
POST and
PUT requests.
false is the default.
If you have version 6, with the WebServer and AppServer on
the same machine
and the Server setup to propagate changes to the
plugin-cfg.xml file, you
can set this flag in the Admin Console:
Web servers > webserver1 > Plug-in properties >
Request and response
Check the box for - Accept content for all requests
I found integrating the AppServer with the WebServer via
plugin not a simple
process. You should do this before installing slide and use
the /snoop
servlet to check if things are working via the WebServer.
You could actually use a WebServer other than IBM's. The
difference will be
that you may need to manually configure the Plugin in the
AppServer and
WebServer and then when the Admin console updates the
plugin-cfg.xml file
you may need to copy this to the place where the WebServer
expects.
INSTALLING SLIDE
After you install/deploy the slide.war (I gave it the
enterprise application
name of "slide") you need to edit the Class
Loading properties.
Class loader mode = Parent Last
WAR class loader policy = Application
This avoids the problem of WebSphere v6 including an older
version of JDOM
(1.0Beta7) in its lib folder as well as property file
loading issues.
Check that slide has been correctly associated with the
WebServer Plugin:
Enterprise Applications > slide > Map modules to
servers
You should see something like:
Server
WebSphere:cell=wasNode01Cell,node=webserver1_node,server=web
server1
WebSphere:cell=wasNode01Cell,node=wasNode01,server=server1
It's important to see both the server and the webserver
"module" in this
list.
After starting the slide application it should be accessible
via the
WebServer (port 80 by default). All access will have to be
via the WebServer
and this should hopefully work without error and will be
secure.
Regards,
Kevin Jansz
--
kevin.janszexari.com
exari systems
bond | Melbourne | San Francisco
enterprise document assembly
Tel +61 (0)3 9621 2773
Fax +61 (0)3 9621 2776
www.exari.com
------------------------------------------------------------
---------
To unsubscribe, e-mail: slide-user-unsubscribejakarta.apache.org
For additional commands, e-mail: slide-user-helpjakarta.apache.org
|