L02 WAS85 Liberty Admin V1.4

L02: Learn to Accelerate your Web App Development with the WebSphere Application Server Liberty Profile
Lab Exercise
Copyright IBM Corporation, 2012 US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM Software
Contents
LAB 2 LEARN TO ACCELERATE YOUR WEB APP DEVELOPMENT WITH THE WEBSPHERE APPLICATION SERVER LIBERTY PROFILE ................................................................................................... 7 2.1 LAB SETUP (REQUIRED ONLY IF YOU DID NOT COMPLETE LAB 1) ................................................................... 8 2.2 PREPARING THE LIBERTY PROFILE TO WORK AROUND A KNOWN ISSUE .......... ERROR! BOOKMARK NOT DEFINED. 2.3 BLOG SERVLET APPLICATION .................................................................................................................... 9 2.3.1 THE JPA (JAVA PERSISTENCE) ENTITY ...................................................................................... 10 2.3.2 SUMMARY ............................................................................................................................... 15 2.4 REVIEWING THE W EB FRONT END FOR THE BLOG APPLICATION ................................................................. 15 2.4.1 EXPLORING THE POSTBLOG SERVLET ....................................................................................... 16 2.4.2 EXPLORING THE VIEW BLOG SERVLET ........................................................................................ 20 2.4.3 EXPLORING THE CREATEBLOGPOST HTML ............................................................................... 22 2.4.4 SUMMARY ............................................................................................................................... 23 2.5 CONFIGURING THE SERVER AND RUNNING THE APPLICATION ....................................................................... 24 2.5.1 CONFIGURING THE DATA SOURCE TO CONNECT TO THE DATABASE ............................................... 24 2.5.2 SUMMARY ............................................................................................................................... 37 2.6 SECURING AN APPLICATION .................................................................................................................... 37 2.6.1 CONFIGURE THE LIBERTY SERVER FOR HTTPS SUPPORT .............................................................. 37 2.6.2 SETUP A BASIC USER REGISTRY TO TEST ROLE BASED ACCESS TO THE BLOG APPLICATION............... 41 2.6.3 SECURING THE BLOG APPLICATION RESOURCES .......................................................................... 43 2.6.4 TESTING USER ACCESS TO SECURE RESOURCES IN THE BLOG APPLICATION ................................... 51 2.6.5 SUMMARY ............................................................................................................................... 54 2.7 PACKAGING THE LIBERTY PROFILE SERVER USING THE DEVELOPER TOOLS ................................................. 54 2.7.1 PACKAGE THE LIBERTY SERVER, CONFIGURATION, AND APPLICATIONS .......................................... 55 2.7.2 SUMMARY ............................................................................................................................... 57 2.8 CONCLUSION......................................................................................................................................... 57 2.9 APPENDIX A: REVIEW OF JPA PROJECT CODE AND PERSISTENCE XML CONFIGURATION .............................. 58 2.9.1 EXPLORING THE BLOGENTRY JPA CODE ................................................................................... 58 2.9.2 EXPLORING THE PERSISTENCE XML IN THE JPA PROJECT .......................................................... 60 2.10 APPENDIX B: REVIEW OF POSTBLOG JAVA CODE IN THE BLOG PROJECT ...................................................... 63 2.10.1 EXPLORING THE POSTBLOG SERVLET ....................................................................................... 63 2.11 APPENDIX C: REVIEW OF VIEW BLOG JAVA CODE IN THE BLOG PROJECT ...................................................... 68 2.11.1 EXPLORING THE VIEW BLOG SERVLET ........................................................................................ 68 2.12 APPENDIX D: REVIEW OF CREATEBLOGPOST HTML CODE IN THE BLOG PROJECT .......................................... 72 2.12.1 EXPLORING THE CREATEBLOGPOST HTML ............................................................................... 72
Contents
Page 3
IBM Software
Lab 2
Learn to Accelerate your web App development with the WebSphere Application Server Liberty profile
In this lab, you are going to work with an existing Web application, and configure the Liberty Profile server and resources in order to run the application on the Liberty development server. The Blog Application requires a database. You will configure the data source needed to connect to the Derby database. The Blog application requires that some of its resource be accessed in a secure manner. You will setup the security of the Liberty server, and configure the user role mappings in order to provide role based access to the secure resources. The Blog application includes a JPA project (Java Persistence API) programming model for access to the backend database. You will add the necessary features to the Liberty profile to support the JPA programming model for Entity persistence. The Blog application also uses Java Servlets to interact with the persistence layer, and to display the resulting HTML content. You will configure the Liberty server to include the necessary features to support the Servlet programming model. In tis lab, you will be introduced to the debugger in order to learn how quickly you can get up and running in debug mode using the Liberty profile. Finally, you will test the Blog application and export the Liberty profiler resources to a compressed archive file. The compressed archive file includes the Liberty Server configuration and the Blog application. In subsequent labs, you will remotely deploy and manage the Blog application and Liberty Profile server using the remote management capabilities available for the Liberty profile. This lab uses a desktop virtual image. The completion of Lab 01 is required to begin this lab exercise. If you have not completed lab 1, you must compete the lab setup section of this lab before you begin the Lab 2 exercise. In this exercise, you will learn:

How to create and deploy a simple static Web application using the IBM WebSphere Application Server V8.5 Liberty Profile Developer Tools How to create and deploy a simple blog Web application that makes use of Servlets, and persistence (using JPA Java persistence API) How to create and configure Shared Libraries How to configure JDBC drivers and data sources How to configure a Web application to access to certain Servlets and web pages require authentication How to configure the server to use SSL, to have a user registry to authenticate clients with, and how to define role mappings for a web Application How to package the Liberty server, configuration, and applications for deployment to other environments
To run this lab, your workstation must meet the following requirements:
Discovering the value of IBM WebSphere Application Server V8.5 for Administrators An IBM Proof of Technology
Page 7
IBM Software
Approximately 8GB of storage available for the Windows XP virtual image Approximately 1.5 GB of memory free to run the developer workbench and the server The sample files for this lab, unzipped on your workstation; the instructions will refer to the location of the sample files using the <LAB_FILES> variable. Connectivity to the internet is NOT required
2.1
Lab Setup (Required only if you did not complete Lab 1)
This lab requires the completion of Lab 01. If you have not completed lab 01, it is recommended that you do so be before attempting this lab. However, you may, instead, follow these simple instructions for importing the completed version of Lab 01. The Lab1_Completed.zip file includes the following:
LibertyWork: This directory is the root directory for the labs exercises to be performed. eclipe: Eclipse installation (Indigo 3.7.2) wlp: Liberty Profile installation, configuration, and deployed apps. workspace: The eclipse workspace that includes the completed lab exercises.
NOTE: The completion of Lab 01, or the unzipping of this completed Lab 01 archive is required in order to begin Lab 02. These steps required only if you did not complete Lab 01, and want to perform Lab 02. __1. Locate the completed lab 01 archive in X:\Student\CompletedLabs\Lab01\Lab1_Completed.zip __2. Unzip the file to C:\Student
Page 8
IBM Software
This will unzip everything under the c:\Student\LibertyWork folder which is where the lab exercises are performed. __3. __4. When prompted to replace files, select Yes to All. You are now ready to continue to the next section of Lab 02.
2.2
Blog Servlet Application

In this section of the exercise, you are going to import the resources for a simple Blog application. You will explore the application components in order to become familiar with the Web application that uses JPA to implement a simple blog. The Blog will consist of JPA entity, two servlets and an html file. Here is the application model diagram and use case:
1. The user inputs a blog entry into an HTML form. 2. The form data is posted to the PostBlog Servlet, 3. The PostBlog Servlet uses the JPA persistence API to save the blog entry in the database via the JPA Entity. 4. Then the ViewBlog Servlet is invoked from the PostBlog Servlet 5. The ViewBlog Servlet uses the JPA persistence API to retrieve ALL the blog entries from the database and render them in HTML format.
Page 9
IBM Software
Blog Application Model Diagram WebSphere Application Server - Liberty Profile V8.5
Web Container Input HTML form
cresteBlogPost.html Post HTML form data
JPA Persistence
BlogEntry.java
Add a Blog Entry
Post Blog Content

PostBlog.java Invoke Blog View Retrieve Blog Entries
Persist and retrieve blog records
Derby DB
View Blog Content

ViewBlog.java
2.2.1
The JPA (Java persistence) Entity

Java Persistence API (JPA) provides a simple POJO based programming model for reading and writing data to a database. It is based around annotated POJOs called entities which are mapped into rows and tables in a relational database. In this section, we will import and review the JPA Entity used to persist the blog data to the Derby database provisioned on the virtual image.
__1.
Import the Blog JPA Project into the Workspace __a. Launch Eclipse and ensure the selected Workpace is C:\Student\LibertyWork\workspace __b. Select File Import General Existing Projects into Workspace from the menu bar. Then click the Next button.
Page 10
IBM Software
__c. On the Import Projects dialog, click on the radio button labeled Select Archive File, and then click the Browse button to select the X:\Student\LabFiles\Lab02\BlogJPAProject_Archive_Import2.zip file. Then click Open.
__d. Select the JPA Project (JPA Project) from the archive. Then click the Finish button to import the archive file. __2. At this point, you will notice an error in the persistence.xml file. The error appears to be a bug in the Web Developer Tools in Eclipse.
Page 11
IBM Software
__a. To eliminate the error, simply edit the persistence.xml file in Eclipse.
__b. Add a space character or a blank line. __c. Then save the file. The errors will go away. __3. Review the BlogEntry java code in the JPA Project. __a. In the Enterprise Explorer, navigate to JPA Project src lab.blog.jpa BlogEntry.java.
__b. Double click on BlogEntry.java to display the source code in the editor pane. You can take time here to review the code on your own. TIP: You can refer to Appendix A for a guided tour of the JPA project code and persistence configuration in the JPA Project application.
Page 12
IBM Software
__4.
Review the persistence.xml in the JPA Project. You can take time here to review the persistence XML on your own. TIP: You can refer to Appendix A for a guided tour of the JPA Project code and persistence configuration in the JPA Project application. A JPA Persistence Unit is a logical grouping of user defined persistable classes with related settings. Persistence units are defined in a persistence.xml file, which has to be located in the META-INF directory in the classpath. __a. In the Enterprise Explorer, navigate to JPA Project src META-INF persistence.xml.
__b. Right click on the persistence.xml. Then select open with Other from the context menu.
Page 13
IBM Software
__c.
Then select Persistence XML Editor (WebSphere) from the selection list. Then click OK.
__d. The persistence.xml file will open in the WebSphere persistence editor. Select the Design Tab to view the content.
__e.
Close the editor for the persistence.xml file.
Page 14
IBM Software
2.2.2
Summary
Congratulations you have successfully reviewed the JPA project and the required JPA Entity that is used in the Blog application to persist blog entries into the database. In this section you should have a high level understanding of the purpose and functionality of the JPA Entity and the associated persistence XML file. In this section, you reviewed: The JPA project The JPA entity The persistence.xml
2.3
Reviewing the Web Front End for the Blog Application
In the next tasks, you will review and explore the Web Application project, two servlets and the html file that are part of the Blog application. One Servlet displays the blog posts and the other Servlet allows you to create new posts. The html file provides a form to submit the new blog post. __1. For your reference, here is the html input form. There is no action to take on this step.
__2.
For your reference, here is the view of the Blog postings. There is no action to take on this step.
Page 15
IBM Software
2.3.1
Exploring the PostBlog Servlet

The role of the PostBlog Servlet is to post the contents of the Blog entry and persist the data to the Derby database. The PostBlog Servlet is invoked by a simple HTML form that we will explore later in this lab.
__1.
Import the Blog Web Project into the Workspace __a. Select File Import General Existing Projects into Workspace from the menu bar. Then click the Next button.
__b. On the Import Projects dialog, click on the radio button labeled Select Archive File, and then click the Browse button to select the X:\Student\LabFiles\Lab02\BlogArchive_Import2.zip file. Then click Open.
Page 16
IBM Software
__c. Select the Blog (Blog) project from the archive. Then click the Finish button to import the archive file __2. Add the JPA Project to the Blog application Deployment Assembly. The Blog application needs to use the JPA entity, so we need to make it visible at runtime. NOTE: Ideally, this could be included in the archive when the project is imported. However, at the time of this writing, there is an issue at runtime if the Deployment Assembly is pre-configured in the archive that is imported during the lab. __a. __b. __c. __d. Right mouse click on the Blog project. Select Properties from the context menu. Select Deployment Assembly from the Properties dialog. Then click the Add button. Select Project from the dialog window. Then click the Next button.
Page 17
IBM Software
__e. Select the JPA Project from the Projects dialog. And, then click the Finish button to complete the process.
__f.
Click the OK button to complete the configuration changes.
Page 18
IBM Software
__3.
Navigate to the PostBlog Servlet __a. Switch to the Java EE perspective in eclipse. __b. In the Project Explorer, navigate to Blog Java Resources src lab.blog.web PostBlog.java.
__c.
Double click on PostBlog.java to display the source code in the editor pane.
__4.
Now we will do a quick review of the PostBlog.java.
Page 19
IBM Software
You can take time here to review the code on your own. TIP: You can refer to Appendix B for a guided tour of the PostBlog Servlet code in the Blog application.
2.3.2
Exploring the ViewBlog Servlet

You can take time here to review the code on your own. TIP: You can refer to Appendix C for a guided tour of the ViewBlog Servlet code in the Blog application. The role of the ViewBlog Servlet is to access the Blog database and query the Blog data. The Servlet generates a List of Blog entries in which the Servlet displays as HTML to render the output in a Web Browser.
__1.
Now we will do a quick review of the ViewBlog.java. First, navigate to the ViewBlog Servlet __a. Switch to the Java EE perspective in eclipse. __b. In the Enterprise Explorer, navigate to Blog Java Resources src lab.blog.web ViewBlog.java.
Page 20
IBM Software
__c.
Double click on ViewBlog.java to display the source code in the editor pane. The ViewBlog.java is used to display the contents of the Blog as the user enters new blog entries.
__d. Thats it for the Servlet review for the Blog application. All that is left is to review the html page with a simple form so a blog can be posted. In the next section, we will quickly review the content of the createBlogPost.html that serves this purpose.
Page 21
IBM Software
__e.
Close the ViewBlog java editor
2.3.3
Exploring the createBlogPost HTML

You can take time here to review the code on your own. TIP: You can refer to Appendix D for a guided tour of the createBlogPost html code in the Blog application. The role of the createBlogPost HTML is to provide an input form for the user to enter a blog entry. The HTML form invokes the PostBlog Servlet which persists the blog entry to the database.
__1. Now we will do a quick review of the createBlogPost.html. First, navigate to the createBlogPost.html file __a. Switch to the Java EE perspective in eclipse. __b. In the Enterprise Explorer, navigate to Blog WebContent createBlogPost.html.
__c. Open the createBlogPost.html using the Rich Page editor to display the source and design views of the html page. __i.Right Mouse click on the createBlogPost.html file. __ii. Select Open With Rich Page Editor from the context menu. And, then select the Source View.
Page 22
IBM Software
__d. The body of the HLML file contains a simple HTML form that contains input fields for the Blog Title and Blog Body. The form invokes the PostBlog Servlet when the Submit button is pressed. The HTML source for the createBlogPost.html should look similar to the illustration below
2.3.4
Summary
In this section of the lab, you have explored the components of the Web Application that makes use of the JPA project to access content from a database. You explored the following aspects of the Web Project: Configuration of the Web project to place the output of another project in the WEB-INF/lib. How to create two Servlets that make use of JPA. How to configure a resource reference using annotations. How to create a simple HTML based form.
Page 23
IBM Software
2.4
Configuring the server and running the application
Congratulations your application review is now complete. Now the fun starts as you configure the server so it can connect to a database.
2.4.1
Configuring the Data Source to connect to the database
__1. In this lab, a simple embedded derby database is required. In this step, you will make the derby.jar available as a shared library for the Liberty Profile Server where the Derby library will be available to the runtime environment. __a. To do this, you will use eclipse to import the derby.jar file, from the Lab Files directory, into the Liberty Server shared resources folder. __b. If not already started, Launch Eclipse and open the Java EE perspective.
__c. In the Enterprise Explorer view, Navigate to the shared resources folder in the Liberty Server configuration: WebSphere Application Server V8.5 Liberty Profile shared resources
__d.
Create a new folder named derby. __i. Right mouse click on the Resources folder. And then select New Folder.
Page 24
IBM Software
__ii.
Enter derby in the folder name field. And then click Finish to create the new folder.
__e.
Import the derby.jar into the Derby shard resources folder. __i. Right mouse click on the derby folder. And then select Import from the context menu.
__ii. On the Import dialog, select General File System. And then click the Next button. __iii. On the File System Import Dialog, use the Browse button, next to the From Directory field, and navigate to X:\Student\LabFiles\Lab02\. __iv. Select derby.jar from the file list.
Page 25
IBM Software
__v. Click the Finish Button to import the derby.jar file.
__2. The server does not start the necessary components required for database access unless configured to do so. This means the server is currently unable to access databases. To enable the database support the jdbc-4.0 feature needs to be configured. __a. In Eclipse, Switch to the Java EE Perspective. This perspective includes the Servers view. __b. Navigate to the Servers view and expand WebSphere Application Server V8.5 Liberty Profile at localhost [labServer] This item can be expanded to show a logical view of the configuration. However you need to edit rather than view the configuration.
Page 26
IBM Software
__c.
Right click Server Configuration [server.xml] Liberty Server for Labs and click open.
__d. __e.
Select the Design tab on the configuration editor. Click the Feature Manager option from the Configuration Structure section.
__f. On the right side of the editor the details are viewable. To add a new feature click Add... to add a new feature into the list.
Page 27
IBM Software
__g.
Click the down arrow and select jdbc-4.0.
__h.
Save the file. If the server is still running after the earlier activity, switch to the console view to see the server report that it has responded to the new feature being configured. The server can now support database access; however no DataSources have been configured.
__3.
The next step is to configure the server so it can locate the database jar from the previous step. __a. In the Design tab of the server configuration editor, click Server Configuration and click Add.
__b.
Start typing Shared Library and when highlighted click OK.
__c. The shared library needs to have an id so it can be used elsewhere. In the Shared Library Details section in the id field enter derby.
Page 28
IBM Software
__d.
In the Configuration Structure section, click Shared Library. And, then click Add.
__e. __f.
Click Fileset Reference. And then click the OK button. As the Base directory, enter ${shared.resource.dir}/derby
Page 29
IBM Software
__g.
Save the configuration This has created a shared library that contains the derby jar. If you switch to the Source view it looks like this: <library id="derby"> <fileset dir="${shared.resource.dir}/derby"/> </library> Notice that the Design view shows all the values, but the Source view only includes values which are different from the defaults.
__4.
Back in the Design tab the next step is to define the JDBC driver. __a. __b. __c. __d. Click Server Configuration and click Add. Type JDBC Driver and when selected click OK. On the JDBC Driver Details enter derbyDriver into the Id field. In the Shared Libraries field select derby from the pull down menu.
Page 30
IBM Software
__5.
The next step is to define a DataSource In the persistence.xml, this was created using the resource ref JNDI name java:comp/env/jdbc/blogDB. By default, if no binding is provided, then the resource ref name of jdbc/blogDB is used to look up an object in JNDI. __a. __b. __c. __d. __e. In the Design tab click Server Configuration and click Add. Type Data Source and when highlighted click OK. In the JNDI name field on the Data Source Details enter jdbc/blogDB In the JDBC driver field select derbyDriver from the pull down menu. In the Type field, select javax.sql.ConnectionPoolDataSource from the pull down menu.
Page 31
IBM Software
__6.
Now, configure the derby specific properties: __a. __b. In the Configuration Structure click the DataSource and click Add. Select Properties for Derby Embedded. And, then click OK.
__c. In the Properties for Derby Embedded Details, choose false from the Create Database pull down menu. TIP: The Derby database required for the lab has already been created in the virtual image. Therefore, the create database flag should be set to false. __d. In the Database name enter C:\Student\Derby\databases\blogDB This is the location of the pre-configured Derby Database on the Virtual Image.
Page 32
IBM Software
__e.
Save the configuration. Looking in the source view you should see the following:
<dataSource jndiName="jdbc/blogDB" jdbcDriverRef="derbyDriver" type="javax.sql.ConnectionPoolDataSource"> <properties.derby.embedded createDatabase="false" databaseName="C:\Student\Derby\databases\blogDB"/> </dataSource>
This configures a derby Data Source in JNDI at jdbc/blogDB and specifies the location of the blogDB database. __7. Add the JPA-2.0 feature to the Liberty Server configuration. __a. __b. Select the Design tab on the configuration editor. Click the Feature Manager option from the Configuration Structure section.
Page 33
IBM Software
__c. On the right side of the editor the details are viewable. To add a new feature click Add... to add a new feature into the list. __d. Click the down arrow and select jpa-2.0.
__e.
Save the configuration file.
Page 34
IBM Software
__8. The application has now been created, and the server configured to support it. The next step is to run the application. __a. If the server is running, Stop the Liberty Profile Server [labServer], using the STOP icon located on the Server view. __b. Start the Liberty Profile Server. Use the Start icon in the Servers view to start the server if necessary.
__c. When the server starts, navigate to the createBlogPost.html file in the Blog Web Project.
__d. __e. __f. __g.
Right click createBlogPost.html file in the Enterprise Explorer view. Select RunAs > Run on Server. Select the WebSphere Application Server V8.5 Liberty Profile and click Finish. The application is be added to the server and the web page opened. TIP: If a 404 error is returned, refresh the web browser editor and it should come up.
Page 35
IBM Software
__9.
Test the Blog application __a. Enter a title and body into the blog and click the Submit Query button. The post is written to the database and a list of the posts shown.
Page 36
IBM Software
__b. To prove that the post was persisted, select the server in the servers view, right click on the server, and select restart. __c. Then refresh the web browser to see the content remains unchanged.
2.4.2
Summary
In this exercise you have learned how to: Configure a Liberty profile server. Add features to the server configuration to enable additional capabilities. Configure a library that contains a JDBC driver for database access. Configure a DataSource that can be used by applications, or JPA to persist data. Have a feature automatically added to the configuration based on the Liberty Profiles intelligence about features being used in the Blog application. This demonstrates how little configuration is required to access a database.
2.5
Securing an Application
In this next section of the lab, you are going to secure access to the blog application. The Liberty Profile maintains security in a default install by ensuring that it only listens to requests from the local host. In this exercise you learn how to configure the server to listen for https requests, configure a basic user registry, and protect access so only authorized users can post to the blog.
2.5.1
Configure the Liberty server for https support
The configuration of the server to enable https support is a two-step process.

Page 37
IBM Software
__1.
Create self-signed SSL certificates Configuring the server to use these certificates for SSL Create a self-signed certificate __a. __b. __c. __d. __e. The securityUtility command line tool needs to be used to create the SSL certificates: First, minimize the eclipse workbench Open a Windows command prompt Navigate to the directory the liberty profile was installed to: C:\Student\LibertyWork\wlp To create the certificate in the command prompt, type the following text as a single line:
bin\securityUtility createSSLCertificate --server=labServer password=passw0rd --
This generates the keystore and places it in the server configuration directory. The utility also produces output of the XML snippet that can be copied into the server.xml to use the keyStore.
__2.
Update the server configuration with the ssl feature and keystore __a. Navigate to the server.xml file in the eclipse workbench. WebSphere Application Server V8.5 Liberty Profile servers labServer server.xml
Page 38
IBM Software
__b. Copy the output generated by the securityUtility command. And, then paste it into the server.xml Source tab (in the eclipse workbench).
This configures the SSL feature in the runtime and tells the runtime the password to use when accessing the default key store.
__c. __d.
Save the configuration. Look in the console view to see the ssl-1.0 feature has been installed. It displays this message:
[AUDIT ] CWWKG0016I: Starting server configuration update. [AUDIT ] CWWKG0017I: The server configuration was successfully updated in 4.766 seconds. [AUDIT ] CWWKF0012I: The server installed the following features: [ssl-1.0]. Discovering the value of IBM WebSphere Application Server V8.5 for Administrators An IBM Proof of Technology
Page 39
IBM Software
[AUDIT
] CWWKF0008I: Feature update completed in 1.062 seconds.
__3.
Configure the Liberty Server to run the security related features. The appSecurity-1.0 feature is used to secure web resources. __a. __b. Select the Design tab on the configuration editor. Click the Feature Manager option from the Configuration Structure section.
__c. On the right side of the editor the details are viewable. To add a new feature click Add... to add a new feature into the list. __d. Click the down arrow and select appSecurity-1.0.
Page 40
IBM Software
__e.
Save the configuration file.
The Liberty Profile Server is now configured to support http traffic on port 9443. In the next section, you will setup a basic user registry that is included with the Liberty profile. And, then, you will configure the Blog application to secure its web resources.
2.5.2
__1.
Setup a basic user registry to test role based access to the blog application
Configure a user registry. The Liberty Profile comes with a basic registry that can be configured in server.xml. In this lab, you will configure a basic user registry to test the security features in the Liberty profile. __a. __b. Switch to the Design tab and click Server Configuration. And, then click Add. Type Basic User Registry, and when highlighted click OK
__c.
In the Basic User Registry Details provide a value for the Id by entering BasicRegistry.
Page 41
IBM Software
__2.
Add a new user to the User Registry __a. In the Configuration Structure, click Basic User Registry. And, then click Add. __b. Click User. And, then click OK.
__c. __d. __e.
In the User Details section, enter alice as the user name. Next to the User Password field, click the Edit button. Enter and confirm a password and click OK. __ii. Use alicePW as the password __iii. Remember the password as it is needed later in the lab
Page 42
IBM Software
__f.
Save the server configuration. Congratulations a registry now exists in the server, and contains one user named alice.
2.5.3
Securing the blog application resources
The next step is to configure security for the Blog application. This requires a web deployment descriptor. __1. Create a web descriptor file __a. From the Enterprise Explorer view, Right click on the Blog Web Project __b. Click Java EE Tools > Generate Deployment Descriptor Stub.
Page 43
IBM Software
__2.
Define a new security Role in the web descriptor file. __a. In the Project Explorer view, navigate to Blog > WebContent > WEB-INF and double click on the web.xml to view it in the Web Deployment Descriptor Editor. TIP: The web Deployment Descriptor editor is included with the Web Development Tools that is included with the Liberty Profile Tools eclipse plug-in. These tools were pre-installed on the virtual image, __b. __c. Select Web Application and click Add. Type Security Role and then click OK.
Page 44
IBM Software
__d.
In the Role Name field enter author.
__3.
Define the security constraints for the protected resources __a. Select Web Application and click Add. __b. Type Security Constraint and when selected, click OK. __i. Ignore any errors that are displayed. These will be fixed in the subsequent steps.
Page 45
IBM Software
__c. In the Details section, enter Post Constraint in the Display Name field. __d. Next to the Role Name field, click Add and replace [New Item] with author. __e. In Transport Guarantee select NONE from the pull down menu. Setting the Transport Guarantee to NONE means that SSL is not required to invoke the Blog application. However, as we will demonstrate, the Blog application will be available form the HTTP and HTTPS transports. In both cases, you will be prompted for user credentials to access the protected web resources in the application.
Page 46
IBM Software
__4.
Define the Web resources to protect __a. In the Overview section in the web.xml file, select Web Resource Collection under Web Application Security Constraint (Post Constraint) __b. __c. Enter Post Resources in the Web Resource Name field. Next to URL Pattern field, click the Add button. And then enter /PostBlog.
__d. Next to URL Pattern field, click the Add button again. And then enter /createBlogPost.html This ensures that requests to PostBlog and createBlogPost.html are authenticated using basic http authentication.
Page 47
IBM Software
__e.
Save the Web Deployment Descriptor. The errors in the Web Deployment Descriptor should now be resolved. The application is now configured to be secure, but the roles to user/group mappings have not yet been defined.
__5.
Define User / Group mappings __a. __b. Go to the Servers view. Double click on the Server Configuration to open the Server Configuration editor.
__c. Ensure you are in the Design mode by selecting the Design Tab on the Server Configuration editor.
__d. Find the Application:Blog element for the Blog application in the Configuration Structure in the Design tab.
Page 48
IBM Software
__e. __f. __g.
Click on the Application: Blog element. And then click the Add button. Select Application Bindings from the menu. When highlighted, click the OK button. Click on Application Bindings. And then click the Add button.
__h. __i.
Select security-role from the list. When highlighted, click the OK button. In the Security role details section, provide the Security role name as author
Page 49
IBM Software
This ties up with the role name in the web.xml defined earlier in the lab.
__j.
Select the security-role from the Configuration Structure section. And then click the Add button. Select user from the list. When highlighted click the OK button.
__k.
__l.
In the User name field, enter the user name you defined earlier. In the example this was alice.
Page 50
IBM Software
The normal best practice would be to use groups for role mappings rather than users. Defining groups is performed basically the same as defining users. __m. __n. Save the configuration The application is now ready to run with security enabled.
2.5.4
Testing user access to secure resources in the blog application
Now that the security features of the Liberty server is configured, you can now test the Blog application to ensure that the resources are protected as expected using SSL and role based access control to protected resources. __1. __2. __3. Stop and then restart the Liberty profile Server in order for the security settings to take effect. Close any Web browser windows in Eclipse that have the blog application loaded. Launch the createBlogPost html file on the Liberty Server. __a. Find createBlogPost.html in the Enterprise Explorer view, located under the WebContent folder. __b. __c. Right click and select Run As > Run on server Run it on the Liberty profile server.
Page 51
IBM Software
__d. . __e. __g.
The web browser comes up. You are then prompted for a user name and password. Enter the credentials as defined in the lab username: alice password: alicePW Click OK
__h. __i.
Finally, fill in the title and body and click Submit. This securely posts to the blog.
__4.
Close the Web browser windows in Eclipse that have the blog application loaded.
Page 52
IBM Software
__5.
Launch the createBlogPost html file on the Liberty Server. __f. Find createBlogPost.html in the Enterprise Explorer view, located under the WebContent folder. __g. __h. Right click and select Run As > Run on server Run it on the Liberty profile server.
__i. When the browser comes up, change the URL to use the HTTPS transport and SSL port; https://localhost:9443/Blog/createBlogPost.html. And, then click the GO browser. icon on the
__j. This re-executes the URL using the SSL transport. It prompts for you to accept the selfsigned certificate. This demonstrates that SSL is working and requests are redirected to the SSL port automatically. __k. Click the Yes button to proceed.
Page 53
IBM Software
__j. Finally, fill in the title and body and click Submit.
__k. This securely posts to the blog using the SSL transport. Because you already provided the authorization credentials, you will not be prompted again for the userid and password.
2.5.5
Summary
In this section of the lab, you have learned how to: Generate self-signed certificates Configure the Liberty Server to use the certificates. Update a Web application to protect servlets and html files so authentication and encryption are used when accessing them. Configure the role mappings for the Web application to enable a user to access the Web application.
2.6
Packaging the Liberty Profile Server using the Developer Tools
Page 54
IBM Software
You can create a compressed file containing a server runtime environment, server configuration, and applications using the packaging wizard in the development environment. This is useful for packaging the Liberty profile and its application resources for a remote deployment using the WebSphere Job Manager.
2.6.1
Package the Liberty Server, configuration, and applications
__1.
In the Servers view, stop the Liberty profile Server using the Stop Server icon.
__2.
Package the Server, configuration, and applications. __a. From the Servers view, Right-Click on your Liberty Profile. And, then select Utilities Package Server . From the context menu.
__b.
Package the server into a distributable archive __i. From the Package Server dialog, enter c:\Student\LibertyWork\Output\Lab2Package.zip for the Archive location. __ii. Select All server content for the Include pull down menu,
Page 55
IBM Software
__iii. Click the Finish button to create the package. This will result in ALL of the server configuration and applications to be included in the archive file that will be created.
__c.
You can explore the compressed file that was generated. You will notice that the package includes the server, server configuration, and the applications deployed to the server. The packaged distributable archive is suitable to be deployed to a remote Liberty server using the WebSphere Job Manager. You will explore these capabilities in a subsequent lab.
Page 56
IBM Software
2.6.2
Summary
In this section of the lab, you have learned how to: Package a Liberty Server and its resources using the developer tools. This capability is also available from the Liberty Profile command line using the server package command and its associated command line options. The equivalent command is: server package labServer archive=c:\Student\Outputlab2package
2.7
Conclusion
Congratulations on completing this lab. In it you have learned how to: Work with a JPA project Work with JPA entities Work with a persistence.xml Work with a Web project Configure the Web project to place the output of another project in the WEB-INF/lib Associate the Web project with a target runtime Use Servlets that make use of JPA Configure a resource reference using annotations Create a simple HTML based form
Page 57
IBM Software
Configure a Liberty profile server Add a feature to the server configuration to enable additional capabilities Configure a library that contains a JDBC driver for database access Configure a DataSource that can be used by applications, or JPA to persist data Generate self-signed certificates and configured the server to use them Update a Web application to protect servlets and html files so authentication and encryption are used when accessing them Configure the role mappings for the Web application to enable a user to access the Web application Package the Liberty Profile resources for remote deployment to integration test or production environments
If you are interested in learning more then check out the WAS Dev community at http:// wasdev.net/. This is a new developer focused community which is supported by the development team responsible for the Liberty profile and the developer tools. The community website contains: Instructions on how to get the latest developer tools for all platforms. The latest version of the runtime. Videos on how to use various features of the Liberty profile. Podcasts about the early access program. Samples to help understand how to use the Liberty profile. Articles on the Liberty profile and developer tools. A forum to request and provide help when using the Liberty profile and the developer tools. Ability to request enhancements.
=================== END OF LAB 02 ====================
2.8
Appendix A: Review of JPA Project code and persistence XML configuration

Exploring the BlogEntry JPA code
2.8.1
__1.
Here, you can review the BlogEntry code in the JPA Project. __a. The BlogEntry is a POJO that contains the getter / setter methods used to access and update the fields defined in the BlogEntry entity. __b. The BlogEntry contains the following fields that are used to create a blog entry in the database, which will be persisted into the Derby database.
Page 58
IBM Software
private private private private
int ID; String title; String body; Date postDate = new Date();
__i. The id is the unique identifier for the blog entry. __ii. The title is a title for the blog entry, as entered by the user. __iii. The body is the text of the blog as entered by the user. __iv. The postdate sets the current data and timestamp for the blog entry, when it was posted by the user. __c. The Id field is a generated value that uniquely identifies the blog entry in the database. We would like to get the JPA runtime to generate a value for the id field. Remember this is the database primary key so needs to be unique. This is accomplished using the following annotation to the getId method.
@Id @GeneratedValue(strategy=GenerationType.IDENTITY) public int getID() { return this.ID; }
__i. The @Id annotation defines the Id field as the identifier __ii. The @GeneratedValue annotation signifies the value is to be generated using the generation type specified. __d. The remainder of the Java code represents simple getter / setter methods for accessing and updating the title, body, and date fields on the Blog Entry.
public String getTitle() { return this.title; } public void setTitle(String title) { this.title = title; } public String getBody() { return this.body; } public void setBody(String body) { this.body = body; } public Date getPostDate() { return this.postDate; } public void setPostDate(Date postDate) { this.postDate = postDate; Discovering the value of IBM WebSphere Application Server V8.5 for Administrators An IBM Proof of Technology
Page 59
IBM Software
__e.
Close the BlogEntry editor.
2.8.2
Exploring the persistence XML in the JPA Project
__1.
Open the persistence.xml for review. A JPA Persistence Unit is a logical grouping of user defined persistable classes with related settings. Persistence units are defined in a persistence.xml file, which has to be located in the META-INF directory in the classpath. __a. In the Enterprise Explorer, navigate to JPA Project src META-INF persistence.xml.
__b. Right click on the persistence.xml. Then select open with Other from the context menu.
Page 60
IBM Software
__c.
Then select Persistence XML Editor (WebSphere) from the selection list. Then click OK.
__d. The persistence.xml file will open in the WebSphere persistence editor. Select the Design Tab to view the content.
Page 61
IBM Software
__e. Click on Persistence Unit (blog) under the Overview section to view the details of the persistence unit configuration in the persistence.xml file. __i. Here you see the data source definition that is required to connect to the database. This must match the data source definition that is defined in the Liberty Profile server configuration. We have not yet defined the server resources. That is covered in a subsequent section of the lab.
__f. Click the + sign next to the Persistence Unit (blog) entry to view the details of the persistence class.
Page 62
IBM Software
__i. Here you see the set of classes that are managed by the persistence unit. In this case, the lab.blog.jpa.BlogEntry class that we just reviewed is defined.
__g. You may click the Source tab and explore the complete source for the persistence.xml file.
__h.
Close the editor for the persistence.xml file.
2.9
2.9.1
Appendix B: Review of PostBlog java code in the Blog project

Exploring the PostBlog Servlet
__1.
Navigate to the PostBlog Servlet

Page 63
IBM Software
__a.
Switch to the Java EE perspective in eclipse.
__b. In the Project Explorer, navigate to Blog Java Resources src lab.blog.web PostBlog.java.
__c. __2.
Double click on PostBlog.java to display the source code in the editor pane.
Now we will do a quick review of the PostBlog.java.
The function of the PostBlog.java is to perform an HTTP Post of the form data to persist the blog content to the database. __a. The first thing we did is to define a resource reference to lookup the JDBC DataSource. This is done either using annotations or via the web.xml file. In this lab, the annotation based approach was used. __i. The annotation is used to define the resource definition to our Blog data source.
Page 64
IBM Software
This defines a resource reference for a DataSource that is available in java:comp/env/jdbc/blogDB. This is the name defined in the persistence.xml we explored earlier in the JPA PAroject. __b. Since this servlet makes use of JPA, you need to get an EntityManagerFactory injected. The EntityManager is used to create, update, and persist entities into the database. i. The EntityManager belongs to the javax.persistence.* package.
__c. Now we will take a quick look at the method body of the doPost method. The first thing we do is extract the information from the request. __i. This is done by adding the highlighted code into the doPost method: This code extracts the title and body into String variables.
__d. Once we have the data, we populate the entity. This is quite simple since the id and postDate fields are automatically generated. The entity can be created like a simple POJO, using the setter methods defined on the BlogEntry JPA class.
Page 65
IBM Software
__e. Now that the entity is populated, the next step is creating an EntityManager instance from the EntityManagerFactory that is injected. The EntityManager is used to create, update, and persist entities into the database.
__f. Updates to the entity manager, such as creating a new entity, need to be done under a transaction. You can either use a 2 phase commit transaction using the JTA support, or you can use a transaction local to the EntityManager. This lab uses the latter option. In the persistence.xml you earlier set the Transaction Type to RESOURCE_LOCAL. To use this, we created an entity manager local transaction object.
Page 66
IBM Software
__g. Now that we have transaction, we can begin the transaction, persist the entity, and commit the transaction, as illustrated below.
__h. The entity has now been persisted to the database. The last thing to do is keep the runtime tidy and close the EntityManager.
Page 67
IBM Software
__i. At this point the servlet is done, but nothing has been sent back to the client. Rather than return nothing the client should be redirected to some content. In this case displaying the blog entries would seem appropriate. The ViewBlog Servlet is used to render the blog content to the user. So, we put in a simple redirect to point to the ViewBlog Servlet to display the output.
__j.Close the PostBlog editor
2.10 Appendix C: Review of ViewBlog java code in the Blog project

2.10.1 Exploring the ViewBlog Servlet
The role of the ViewBlog Servlet is to access the Blog database and query the Blog data. The Servlet generates a List of Blog entries in which the Servlet displays as HTML to render the output in a Web Browser. __1. Now we will do a quick review of the ViewBlog.java. First, navigate to the ViewBlog Servlet __a. Switch to the Java EE perspective in eclipse. __b. In the Enterprise Explorer, navigate to Blog Java Resources src lab.blog.web ViewBlog.java.
Page 68
IBM Software
__c.
Double click on ViewBlog.java to display the source code in the editor pane. The ViewBlog.java is used to display the contents of the Blog as the user enters new blog entries.
__d. Like the PostBlog servlet, this Servlet makes use of JPA. So we added the same code to get an EntityManagerFactory.
__e. The client needs some HTML so it can render the output in a web browser. To do this, we developed the following code in the doGet method to output the HTML to the web browser.
Page 69
IBM Software
__f. Next, we create and start reading the entity. To do this, we use an EntityManager instance, and add it to the body of the HTML. This is not exactly a best practice, but it serves our purpose to display output to a web browser. EntityManager em = blog.createEntityManager(); __g. To access the blog posts you need to query the database for all entities. This is done by passing a query string to the entity manager. Query q = em.createQuery("SELECT b FROM BlogEntry b ORDER BY b.postDate DESC"); This requests all BlogEntry entities in the database, in descending order based on the post date. Since this is a simple application, the lab does not filter the list of results to be returned. It just returns all of them. In reality only a subset would be requested. __h. Next, we execute the query and assign place the results into a List of BlogEntry objects. List<BlogEntry> entries = q.getResultList(); __i.At this point, the doGet method should look similar to the illustration below.
Page 70
IBM Software
__j.Now that we have a List of BlogEntry objects, we need to loop through all the entries writing them to the client with some html markup. For this, we use a for loop.
__k.
The last thing is to write the close body and html tags to the client. out.println("</body>"); out.println("</html>");
Page 71
IBM Software
The doGet method is now complete, and should look similar to the illustration below.
__l.The Servlets have now been created. All that is left is to create an html page with a simple a simple form so a blog can be posted. In the next section, we will quickly review the content of the createBlogPost.html that serves this purpose. __m. Close the ViewBlog java editor
2.11 Appendix D: Review of createBlogPost html code in the Blog project

2.11.1 Exploring the createBlogPost HTML
The role of the createBlogPost HTML is to provide an input form for the user to enter a blog entry. The HTML form invokes the PostBlog Servlet which persists the blog entry to the database.
Page 72
IBM Software
__1. Now we will do a quick review of the createBlogPost.html. First, navigate to the createBlogPost.html file __a. Switch to the Java EE perspective in eclipse. __b. In the Enterprise Explorer, navigate to Blog WebContent createBlogPost.html.
__c. Open the createBlogPost.html using the Rich Page editor to display the source and design views of the html page. __i. Right Mouse click on the createBlogPost.html file. __ii. Select Open With Rich Page Editor from the context menu. And, then select the Source View.
__d. The body of the HLML file contains a simple HTML form that contains input fields for the Blog Title and Blog Body. The form invokes the PostBlog Servlet when the Submit button is pressed. The HTML source for the createBlogPost.html should look similar to the illustration below
Page 73
IBM Software
The split view of the createBlogPost.html file should look like this:
Page 74
IBM Software
__e. Close the createBlogPost.html editor
Page 75

L02 WAS85 Liberty Admin V1.4

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

L02 WAS85 Liberty Admin V1.4

Încărcat de

Drepturi de autor:

Formate disponibile

L02: Learn to Accelerate your Web App Development with the WebSphere Application Server Liberty Profile

Lab Setup (Required only if you did not complete Lab 1)

Blog Servlet Application

Add a Blog Entry

Post Blog Content

Persist and retrieve blog records

View Blog Content

The JPA (Java persistence) Entity

Close the editor for the persistence.xml file.

Reviewing the Web Front End for the Blog Application

Exploring the PostBlog Servlet

Click the OK button to complete the configuration changes.

Now we will do a quick review of the PostBlog.java.

Exploring the ViewBlog Servlet

Close the ViewBlog java editor

Exploring the createBlogPost HTML

Configuring the server and running the application

Configuring the Data Source to connect to the database

__v. Click the Finish Button to import the derby.jar file.

Click the down arrow and select jdbc-4.0.

Start typing Shared Library and when highlighted click OK.

Save the configuration file.

__d. __e. __f. __g.

Configure the Liberty server for https support

The configuration of the server to enable https support is a two-step process.

] CWWKF0008I: Feature update completed in 1.062 seconds.

Save the configuration file.

__c. __d. __e.

Securing the blog application resources

In the Role Name field enter author.

__e. __f. __g.

Testing user access to secure resources in the blog application

__d. . __e. __g.

Packaging the Liberty Profile Server using the Developer Tools

Package the Liberty Server, configuration, and applications

=================== END OF LAB 02 ====================

Appendix A: Review of JPA Project code and persistence XML configuration

private private private private

@Id @GeneratedValue(strategy=GenerationType.IDENTITY) public int getID() { return this.ID; }

Close the BlogEntry editor.

Exploring the persistence XML in the JPA Project

Close the editor for the persistence.xml file.

Appendix B: Review of PostBlog java code in the Blog project

Navigate to the PostBlog Servlet

Switch to the Java EE perspective in eclipse.

Now we will do a quick review of the PostBlog.java.

__j.Close the PostBlog editor

2.10 Appendix C: Review of ViewBlog java code in the Blog project

2.11 Appendix D: Review of createBlogPost html code in the Blog project

__e. Close the createBlogPost.html editor

S-ar putea să vă placă și

d. e. f. g.

c. d. __e.

e. f. __g.

d. . e. __g.