Beruflich Dokumente
Kultur Dokumente
Version 8 Release 5
IBM WebSphere Application Server
V8.5.Next Beta
Note
Before using this information and the product it supports, read the information in Notices on page 575.
When you send information to IBM, you grant IBM a nonexclusive right to use or distribute the information in any
way it believes appropriate without incurring any obligation to you.
Copyright IBM Corporation 2011, 2013.
US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
Chapter 1. IBM WebSphere Application
Server Developer Tools for Eclipse,
Version 9.0 Beta overview . . . . . . . 2
Chapter 2. The Liberty profile . . . . . 5
Liberty profile: Architecture . . . . . . . . . 5
Programming model support . . . . . . . . 8
Liberty profile externals support . . . . . . 11
Liberty profile: Server configuration . . . . . . 12
Liberty profile: Feature management . . . . . . 13
Liberty features . . . . . . . . . . . . 14
Liberty profile: Shared libraries . . . . . . . . 21
Liberty profile: Product extension . . . . . . . 22
Liberty profile: Security . . . . . . . . . . 25
Liberty profile: Quick overview of security . . . 29
Liberty profile: Authentication . . . . . . . 29
Liberty profile: Authorization . . . . . . . 40
Liberty profile: Security public APIs . . . . . 43
Configuration differences between the full profile
and Liberty profile: security . . . . . . . . 46
Liberty profile: The limits to protection through
password encryption . . . . . . . . . . 47
Liberty profile: Messaging . . . . . . . . . 48
Liberty profile: High Performance Extensible
Logging (HPEL) . . . . . . . . . . . . . 51
LogViewer command-line tool . . . . . . . 55
MongoDB databases . . . . . . . . . . . 58
Chapter 3. End-to-end paths for the
Liberty profile. . . . . . . . . . . . 59
Enabling JMS messaging for the Liberty profile . . 59
Enabling JMS messaging for a single Liberty
profile server . . . . . . . . . . . . . 59
Enabling JMS messaging between two Liberty
profile servers . . . . . . . . . . . . 62
Chapter 4. Migrating applications to the
Liberty profile. . . . . . . . . . . . 67
Migrating data access applications to the Liberty
profile . . . . . . . . . . . . . . . . 67
Configuration differences between the full profile
and Liberty profile: dataSource and jdbcDriver
elements . . . . . . . . . . . . . . 67
Configuration differences between the full profile
and Liberty profile: connectionManager element . 68
Migrating a DB2 data source to the Liberty
profile . . . . . . . . . . . . . . . 69
Migrating a Derby embedded data source to the
Liberty profile . . . . . . . . . . . . 71
Chapter 5. Installing the Liberty profile 73
Installing the Liberty profile developer tools and
(optionally) the Liberty profile . . . . . . . . 73
Installing the developer tools from a remote
repository . . . . . . . . . . . . . . 74
Installing the developer tools from downloaded
installation files . . . . . . . . . . . . 76
Configuring the developer tools installation . . 77
Installing Maven Integration for Eclipse . . . . 79
System requirements for WebSphere Application
Server Developer Tools for Eclipse. . . . . . 80
Installing the Liberty profile by extracting an
archive file . . . . . . . . . . . . . . 83
Applying a fix pack to a Liberty profile archive
installation . . . . . . . . . . . . . . 84
Removing a fix pack from a Liberty profile
archive installation . . . . . . . . . . . 86
Applying an interim fix to a Liberty profile archive
installation . . . . . . . . . . . . . . 86
Removing an interim fix from a Liberty profile
archive install . . . . . . . . . . . . 87
Chapter 6. Setting up the Liberty profile 89
Liberty profile: Directory locations and properties 89
Verifying the integrity of Liberty profile installation 91
Liberty profile: productInfo command . . . . 92
Creating a Liberty profile server by using developer
tools. . . . . . . . . . . . . . . . . 93
Creating a Liberty profile server manually . . . . 95
Specifying Liberty profile bootstrap properties. . . 95
Chapter 7. Administering the Liberty
profile . . . . . . . . . . . . . . . 97
Liberty profile: Configuration elements in the
server.xml file . . . . . . . . . . . . . 97
activationSpec . . . . . . . . . . . . 101
activedLdapFilterProperties. . . . . . . . 101
administrator-role . . . . . . . . . . . 102
application . . . . . . . . . . . . . 103
application-bnd. . . . . . . . . . . . 104
applicationMonitor . . . . . . . . . . 106
authCache . . . . . . . . . . . . . 107
authData . . . . . . . . . . . . . . 108
authenticated . . . . . . . . . . . . 109
authentication . . . . . . . . . . . . 110
automaticLibraries. . . . . . . . . . . 110
baseEntry. . . . . . . . . . . . . . 110
basicRegistry . . . . . . . . . . . . 111
binaryLog . . . . . . . . . . . . . 112
binaryTrace . . . . . . . . . . . . . 114
bundleRepository . . . . . . . . . . . 116
channelfw . . . . . . . . . . . . . 116
classloader . . . . . . . . . . . . . 117
client . . . . . . . . . . . . . . . 119
clientManager . . . . . . . . . . . . 120
config . . . . . . . . . . . . . . . 121
connectionManager . . . . . . . . . . 123
contextService . . . . . . . . . . . . 125
Copyright IBM Corp. 2011, 2013 iii
customLdapFilterProperties. . . . . . . . 126
databaseStore . . . . . . . . . . . . 127
dataSource . . . . . . . . . . . . . 128
disk . . . . . . . . . . . . . . . 132
domino50LdapFilterProperties. . . . . . . 134
edirectoryLdapFilterProperties. . . . . . . 135
ejbContainer. . . . . . . . . . . . . 135
executor . . . . . . . . . . . . . . 136
featureManager. . . . . . . . . . . . 138
federatedRepository . . . . . . . . . . 139
fileset . . . . . . . . . . . . . . . 141
fileTransfer . . . . . . . . . . . . . 142
group . . . . . . . . . . . . . . . 143
groupDisplayNameMapping . . . . . . . 143
groupSecurityNameMapping . . . . . . . 144
hostAuthInfo . . . . . . . . . . . . 145
httpClassification . . . . . . . . . . . 147
httpDispatcher . . . . . . . . . . . . 148
httpEncoding . . . . . . . . . . . . 149
httpEndpoint . . . . . . . . . . . . 158
httpOptions . . . . . . . . . . . . . 160
httpSession . . . . . . . . . . . . . 162
httpSessionDatabase . . . . . . . . . . 167
idsLdapFilterProperties . . . . . . . . . 172
include . . . . . . . . . . . . . . 173
iplanetLdapFilterProperties . . . . . . . . 174
jaasLoginContextEntry . . . . . . . . . 175
jaasLoginModule . . . . . . . . . . . 176
jdbcDriver . . . . . . . . . . . . . 178
jmsCommsEndpoint . . . . . . . . . . 178
jmsCommsOutbound. . . . . . . . . . 180
jmsConnectionFactory . . . . . . . . . 181
jmsQueue . . . . . . . . . . . . . 181
jmsQueueConnectionFactory . . . . . . . 181
jmsTopic . . . . . . . . . . . . . . 181
jmsTopicConnectionFactory. . . . . . . . 181
jndiEntry . . . . . . . . . . . . . . 181
jpa . . . . . . . . . . . . . . . . 182
jspEngine. . . . . . . . . . . . . . 183
keyStore . . . . . . . . . . . . . . 185
ldapRegistry. . . . . . . . . . . . . 186
library. . . . . . . . . . . . . . . 192
localStore. . . . . . . . . . . . . . 194
logging . . . . . . . . . . . . . . 195
ltpa. . . . . . . . . . . . . . . . 197
managedExecutorService . . . . . . . . 198
managedServer . . . . . . . . . . . . 199
managementRepository . . . . . . . . . 199
managementRepositoryConnection . . . . . 200
member . . . . . . . . . . . . . . 201
messagingEngine . . . . . . . . . . . 202
messagingSecurity. . . . . . . . . . . 207
mimeTypes . . . . . . . . . . . . . 208
mongo . . . . . . . . . . . . . . 208
mongoDB . . . . . . . . . . . . . 212
monitor . . . . . . . . . . . . . . 213
nativeTransactionManager . . . . . . . . 213
netscapeLdapFilterProperties . . . . . . . 214
oauthProvider . . . . . . . . . . . . 215
oauthRoles . . . . . . . . . . . . . 220
permission . . . . . . . . . . . . . 221
pluginConfiguration . . . . . . . . . . 221
properties . . . . . . . . . . . . . 223
properties.datadirect.sqlserver . . . . . . . 223
properties.db2.i.native . . . . . . . . . 231
properties.db2.i.toolbox . . . . . . . . . 238
properties.db2.jcc . . . . . . . . . . . 250
properties.derby.client . . . . . . . . . 262
properties.derby.embedded . . . . . . . . 265
properties.informix . . . . . . . . . . 267
properties.informix.jcc . . . . . . . . . 275
properties.jms.ActivationSpec . . . . . . . 282
properties.jms.ConnectionFactory. . . . . . 284
properties.jms.Queue . . . . . . . . . . 286
properties.jms.QueueConnectionFactory . . . 288
properties.jms.Topic . . . . . . . . . . 290
properties.jms.TopicConnectionFactory . . . . 292
properties.microsoft.sqlserver . . . . . . . 294
properties.oracle . . . . . . . . . . . 298
properties.sybase . . . . . . . . . . . 300
quickStartSecurity . . . . . . . . . . . 302
realm . . . . . . . . . . . . . . . 302
remoteAccess . . . . . . . . . . . . 305
role. . . . . . . . . . . . . . . . 306
safAuthorization . . . . . . . . . . . 307
safCredentials . . . . . . . . . . . . 308
safRegistry . . . . . . . . . . . . . 308
safRoleMapper . . . . . . . . . . . . 309
securewayLdapFilterProperties . . . . . . 309
serverCommand . . . . . . . . . . . 310
ssl . . . . . . . . . . . . . . . . 311
sslDefault. . . . . . . . . . . . . . 311
sslOptions . . . . . . . . . . . . . 312
supportedEntityType . . . . . . . . . . 312
syncToOSThread . . . . . . . . . . . 313
tcpOptions . . . . . . . . . . . . . 313
textLog . . . . . . . . . . . . . . 314
transaction . . . . . . . . . . . . . 316
trustAssociation . . . . . . . . . . . 319
uniqueGroupIdMapping. . . . . . . . . 321
uniqueUserIdMapping . . . . . . . . . 322
user . . . . . . . . . . . . . . . 323
userDisplayNameMapping . . . . . . . . 323
userSecurityNameMapping. . . . . . . . 323
variable . . . . . . . . . . . . . . 324
virtualHost . . . . . . . . . . . . . 324
webAppSecurity . . . . . . . . . . . 325
webContainer . . . . . . . . . . . . 329
wimRegistry. . . . . . . . . . . . . 336
wlmClassification . . . . . . . . . . . 337
wsSecurityClient . . . . . . . . . . . 337
wsSecurityProvider . . . . . . . . . . 340
Administering the Liberty profile by using
developer tools . . . . . . . . . . . . . 344
Editing the Liberty profile configuration by
using developer tools. . . . . . . . . . 344
Starting and stopping a server by using
developer tools . . . . . . . . . . . . 345
Defining a utility project as a shared library . . 345
Exploring the runtime environment by using
developer tools . . . . . . . . . . . . 348
iv IBM WebSphere Application Server: V8.5.Next Beta
Displaying the server configuration in a merged
view . . . . . . . . . . . . . . . 348
Viewing the schema documentation for the
server configuration . . . . . . . . . . 349
Generating a Liberty profile server dump using
developer tools . . . . . . . . . . . . 349
Packaging a Liberty profile server by using
developer tools . . . . . . . . . . . . 350
Adding a data source by using developer tools 350
Administering the Liberty profile manually . . . 351
Customizing the Liberty profile environment 352
Administering the Liberty profile from the
command prompt . . . . . . . . . . . 353
Adding and removing Liberty features . . . . 368
Using include elements, variables, and Ref tags
in configuration files . . . . . . . . . . 370
Controlling dynamic updates . . . . . . . 374
Configuring class loaders and libraries for Java
EE applications . . . . . . . . . . . . 376
Configuring a web server plug-in for the Liberty
profile . . . . . . . . . . . . . . . 381
Configuring session persistence for the Liberty
profile . . . . . . . . . . . . . . . 384
Connecting to the Liberty profile by using JMX 386
Establishing a JMX MBean Liberty server
connection . . . . . . . . . . . . . 398
Configuring HPEL in the Liberty Profile . . . 399
Setting up the server-management environment
for the Liberty profile . . . . . . . . . 401
Administering data access applications on the
Liberty profile . . . . . . . . . . . . 407
Administering web applications on the Liberty
profile . . . . . . . . . . . . . . . 418
Chapter 8. Extending the Liberty
profile . . . . . . . . . . . . . . 419
Developing a Liberty feature for the Liberty profile 419
Developing a Liberty feature manually . . . . 419
Creating a Liberty feature by using developer
tools . . . . . . . . . . . . . . . 425
Developing an OSGi bundle with simple
activation. . . . . . . . . . . . . . 429
Composing advanced features by using OSGi
Declarative Services . . . . . . . . . . 434
Liberty profile: Resource location symbols . . . 441
Monitoring local files for changes . . . . . 442
Configuring tracing and logging for features in
the Liberty profile . . . . . . . . . . . 443
Chapter 9. Securing the Liberty profile
and its applications. . . . . . . . . 445
Getting started with security in the Liberty profile 445
Liberty profile: Quick overview of security . . 447
Setting up BasicRegistry and role mapping on
the Liberty profile . . . . . . . . . . . 448
Securing communications with the Liberty profile 449
Enabling SSL communication for the Liberty
profile . . . . . . . . . . . . . . . 449
Creating SSL certificates for your Liberty profile
using the Utilities menu . . . . . . . . . 455
Creating SSL certificates from the command
prompt . . . . . . . . . . . . . . 455
Configuring your web application and server
for client certificate authentication . . . . . 457
Authenticating users in the Liberty profile. . . . 459
Configuring a user registry for the Liberty
profile . . . . . . . . . . . . . . . 459
Configuring the authentication cache on the
Liberty profile . . . . . . . . . . . . 464
Configuring a JAAS custom login module for
the Liberty profile . . . . . . . . . . . 465
Configuring LTPA on the Liberty profile . . . 467
Customizing SSO configuration using LTPA
cookies for the Liberty profile . . . . . . . 468
Configuring RunAs authentication in the
Liberty profile . . . . . . . . . . . . 469
Configuring TAI for the Liberty profile . . . . 470
Authorizing access to resources in the Liberty
profile . . . . . . . . . . . . . . . . 472
Configuring authorization for applications on
the Liberty profile . . . . . . . . . . . 472
OAuth. . . . . . . . . . . . . . . 474
Configuring secure JMX connection to the Liberty
profile . . . . . . . . . . . . . . . . 492
Configuring web security related properties for the
Liberty profile . . . . . . . . . . . . . 493
Customizing SSO configuration using LTPA
cookies for the Liberty profile . . . . . . . 494
Configuring your web application and server
for client certificate authentication . . . . . 494
Configuring authentication aliases for the Liberty
profile . . . . . . . . . . . . . . . . 495
Setting up a Liberty profile to run in SP800-131 496
Developing extensions to the Liberty profile
security infrastructure . . . . . . . . . . 497
Developing a custom TAI for the Liberty profile 498
Developing JAAS custom login modules for a
system login configuration . . . . . . . . 499
Customizing an application login to perform an
identity assertion using JAAS . . . . . . . 503
Developing a custom user registry for the
Liberty profile . . . . . . . . . . . . 504
Securing web services . . . . . . . . . . 505
Securing web services at the message level . . 505
Web services security HTTPS transport policy
assertions. . . . . . . . . . . . . . 516
Chapter 10. Deploying applications to
the Liberty profile . . . . . . . . . 517
Adding and running an application on the Liberty
profile by using developer tools . . . . . . . 519
Publishing your application by using developer
tools . . . . . . . . . . . . . . . 520
Packaging a Liberty profile server from the
command prompt . . . . . . . . . . . . 522
Using JNDI binding for constants from the server
configuration files . . . . . . . . . . . . 523
Deploying OSGi applications to the Liberty profile 524
Sharing common OSGi bundles for the Liberty
profile . . . . . . . . . . . . . . . 524
Contents v
Deploying data access applications to the Liberty
profile . . . . . . . . . . . . . . . . 525
Deploying an existing JDBC application to the
Liberty profile . . . . . . . . . . . . 525
Enabling JDBC Tracing for the Liberty profile 526
Deploying a web application to the Liberty profile 529
Deploying a JPA application to the Liberty profile 530
Deploying web services applications to the Liberty
profile . . . . . . . . . . . . . . . . 531
Deploying JAX-RS applications to the Liberty
profile . . . . . . . . . . . . . . . 531
Deploying a messaging application to the Liberty
profile . . . . . . . . . . . . . . . . 534
Chapter 11. Monitoring the Liberty
profile . . . . . . . . . . . . . . 537
Liberty profile: JVM monitoring . . . . . . . 537
Liberty profile: Web application monitoring . . . 538
Liberty profile: ThreadPool monitoring . . . . . 539
Liberty profile: JAX-WS monitoring . . . . . . 540
Liberty profile: Sessions monitoring . . . . . . 541
Chapter 12. Tuning the Liberty profile 543
Chapter 13. Liberty profile:
Troubleshooting tips . . . . . . . . 547
Liberty profile: Trace and logging . . . . . . 552
Liberty profile: Timed operations and JDBC calls 554
Liberty profile: High Performance Extensible
Logging (HPEL) . . . . . . . . . . . . 556
LogViewer command-line tool . . . . . . . 560
Configuring HPEL in the Liberty Profile . . . 563
Liberty profile: Runtime environment known
restrictions . . . . . . . . . . . . . . 566
Liberty profile: Developer Tools known restrictions 570
Liberty profile: Messages . . . . . . . . . 571
Notices . . . . . . . . . . . . . . 575
Trademarks . . . . . . . . . . . . . . 577
Sending your comments to IBM . . . 579
vi IBM WebSphere Application Server: V8.5.Next Beta
Chapter 1. IBM WebSphere Application Server Developer
Tools for Eclipse, Version 9.0 Beta overview
Distributed operating systems
IBM
WebSphere
<include location="more.xml"/>
<include location="evenmore.xml"/>
extra.xml
more.xml
evenmore.xml
<include location="extra.xml"/>
server.xml
Config defaults
Config metadata
injects merged
config into bundles
reads default
config from bundles
merges user
config over
defaults
optional
includes
Kernel bundle
OSGi Configuration
Admin
Config defaults
Config metadata
Feature bundle
Figure 4. Configuration management
8 IBM WebSphere Application Server: V8.5.Next Beta
Table 1. Java EE 6 support by profile (continued).
A list of Java EE technologies, subdivided into sections for web services, web applications, enterprise applications,
management and security, and Java EE-related specifications in Java SE. For each technology there is a
specification reference, and an indication of whether the technology is supported by the full profile, and by the Liberty
profile.
Technology Specification reference Full profile Liberty profile
Java API for XML-Based Web
Services (JAX-WS) 2.2
JSR 224
operating system.
If this option is combined with -latestInstance, -instance is ignored.
-latestInstance
Use this option to retrieve the log and trace data from the most recent server
instance. If this option is used with the -instance option, the -instance option is
ignored.
-message match_string
Use this option to retrieve only log or trace data with a message field that
matches the requested text.
-includeExtensions name[=value][,name[=value]]*
Use this option to retrieve the log and trace data with an extension name that
matches the requested name, and an extension value that matches the
requested value. You can also use this option to retrieve the log and trace data
with an extension name that matches the requested name, and an extension
value that matches any value, if you omit the =value part of the option.
Any extension name shown in the advanced format can be used. Note that
'source', 'class', and 'method' are not stored in the log/trace repositories as
extensions, and so cannot be filtered on with this option.
Separate multiple name=value arguments with a comma. Specify '==' (two
equals signs) in place of '=' (one equals sign) in cases where the name or value
must contain an equal sign. Specify ',,' (two commas) in place of ',' (one
comma) in cases where the name or value must contain a comma.
-encoding character_set
Specifies the character set that the LogViewer command will use for text
output.
Filtering considerations
Be aware of LogViewer filtering optimizations. The LogViewer tool is able to filter
log and trace data most efficiently when used with the following filter options:
v startDate
v stopDate
v thread
Chapter 2. The Liberty profile 57
v level
v minLevel
v maxLevel
Example usage
See the following examples of LogViewer commands used with full profile servers
on UNIX-based systems. The examples show how to run LogViewer from the
profile bin directory where the repositoryDir parameter is not required.
v Write all records in the default repository between July 19th, 2009 and August
2nd, 2009 to a file called /tmp/promo.logs.
logViewer.sh -outLog /tmp/promo.logs -startDate 07/19/2009 -stopDate 08/02/2009
v Display new records whose specified level is WARNING or higher using the
advanced format as the server writes them to the log repository.
logViewer.sh -monitor -minLevel WARNING -format advanced
v Write only those log messages that were written to the error stream of a specific
repository to a file called logged_errors.txt.
logViewer.sh -repositoryDir /apps/server1/logs -includeLoggers SystemErr -outLog logged_errors.txt
v View events from the default repository that occurred before September 14th,
2009 4:28 PM eastern daylight time.
logViewer.sh -stopDate "09/14/2009 16:28:00:000 EDT"
v Write events from the default repository that contain a 'thread' extension with
value 'WebContainer : 6'
logViewer.sh -includeExtensions thread="WebContainer : 6" -format advanced
v Write events from the default repository that were a part of the request with
requestID a856cb2c-79ed-4d62-a3cf-a9908b2db07b.
logViewer.sh -includeExtensions requestID=a856cb2c-79ed-4d62-a3cf-a9908b2db07b
v Write events from the default repository that were created on a thread servicing
the PlantsByWebSphere application.
logViewer.sh -includeExtensions appName=PlantsByWebSphere
MongoDB databases
MongoDB (from humongous) is a scalable, high-performance, open source
NoSQL database. The Liberty profile provides configuration support for MongoDB
Java driver Version 2.10.0 or later.
The Liberty profile provides a mongo-2.0 feature that you can use to configure
MongoDB instances and associated database connections for your applications.
Access to MongoDB connections is available either by Java Naming and Directory
Interface (JNDI) lookup or resource injection, as with other product resources. All
actual database manipulation is performed by the native com.mongodb API.
The MongoDB server and client MongoDB driver are not available with the
product. You must download, install, and configure the MongoDB database servers
and client drivers.
58 IBM WebSphere Application Server: V8.5.Next Beta
Chapter 3. End-to-end paths for the Liberty profile
Start here for step-by-step guidance in working with the WebSphere Application
Server Liberty profile. Identify the scenario that most closely matches your own
project goal, then follow one of the paths through the scenario to reach your goal.
Procedure
Enabling JMS messaging for the Liberty profile.
v Enabling JMS messaging for a single Liberty profile server.
v Enabling JMS messaging between two Liberty profile servers on page 62.
Enabling JMS messaging for the Liberty profile
You use the jmsMessaging and jmsServer Liberty features to enable the Java
Message Service (JMS) on a single server. To enable JMS messaging between two
servers, you also add the jmsComms feature. To make the jmsServer feature work in
a secure mode, you add the jmsSecurity feature. To also use SSL when passing
messages between two servers, you add the ssl feature.
Procedure
v Enabling JMS messaging for a single Liberty profile server
v Enabling JMS messaging between two Liberty profile servers on page 62
Enabling JMS messaging for a single Liberty profile server
You can configure the wasJMSClient-1.1 and wasJMSServer-1.0 Liberty features in
the same server. In this scenario, the application is deployed on the same server
where the Messaging Engine and the JMS resources exist. You can also configure
the wasJMSSecurity-1.0 feature to make the wasJMSServer-1.0 feature work in a
secure mode.
Procedure
v Configure the sending and receiving of messages to and from a queue.
1. Configure the Messaging Engine to create a Queue called Queue1.
<queue id="QUEUE1"
forceReliability="ReliablePersistent"
exceptionDestination="SEND_TO_EXCEPTION_DESTINATION"
redeliveryInterval="60"
maxRedeliveryCount="20"
sendAllowed="true"
receiveAllowed="true"
maintainStrictOrder="true"
maxQueueDepth="5000">
</queue>
2. Declare a QueueConnectionFactory Resource to create a connection to the
Messaging Engine.
Copyright IBM Corp. 2011, 2013 59
<jmsQueueConnectionFactory jndiName="eis/queuecf" connectionManagerRef="ConMgr2">
<properties.jms.QueueConnectionFactory
userName="user1"
clientID="clientId"
nonPersistentMapping="ExpressNonPersistent"
password="password"
persistentMapping="ReliablePersistent"
readAhead="Default"
temporaryQueueNamePrefix="tempor" />
</jmsQueueConnectionFactory>
<connectionManager id="ConMgr2" maxPoolSize="2"/>
3. Declare a Queue Resource to create a Producer/Consumer session to the
Queue Queue1.
<jmsQueue jndiName="eis/queue1">
<properties.jms.Queue queueName="QUEUE1"
deliveryMode="Application"
timeToLive="500000"
priority="1"
readAhead="AsConnection" />
</jmsQueue>
v Configure publish and subscribe messaging from a Topicspace.
1. Configure the Messaging Engine to create a Topicspace called TopicSpace1.
<topicSpace id="TopicSpace1"
forceReliability="ReliablePersistent"
exceptionDestination="SEND_TO_EXCEPTION_DESTINATION"
redeliveryInterval="60"
maxRedeliveryCount="20"
sendAllowed="true"
receiveAllowed="true"
maintainStrictOrder="true"
maxQueueDepth="5000">
</topicSpace>
2. Declare a TopicConnectionFactory Resource to create a connection to the
Messaging Engine.
<jmsTopicConnectionFactory jndiName="eis/topiccf" connectionManagerRef="ConMgr1">
<properties.jms.TopicConnectionFactory userName="user1"
clientID="clientId"
nonPersistentMapping="ExpressNonPersistent"
password="password"
persistentMapping="ReliablePersistent"
readAhead="Default"
temporaryQueueNamePrefix="tempor" />
</jmsTopicConnectionFactory>
<connectionManager id="ConMgr1" maxPoolSize="2"/>
3. Declare a Topicspace Resource to create a Publisher/Subscriber session to the
TopicSpace TopicSpace1.
<jmsQueue jndiName="eis/queue1">
<properties.jms.Queue queueName="QUEUE1"
deliveryMode="Application"
timeToLive="500000"
priority="1"
readAhead="AsConnection" />
</jmsQueue>
v Optional: Make the jmsServer feature work in a secure mode.
Enabling secure JMS messaging for the Liberty profile
The JMSSecurity-1.0 Liberty feature makes the jmsServer-1.0 feature work in a
secure mode.
Before you begin
The JMSSecurity-1.0 feature is always used with the jmsServer-1.0 feature.
Configuring the user registry is a prerequisite for the jmsSecurity-1.0 feature.
Ensure that a user registry is configured before the jmsSecurity-1.0 feature is
enabled.
60 IBM WebSphere Application Server: V8.5.Next Beta
About this task
The wasJMSSecurity-1.0 feature supports secure connections to the messaging
engine. When the wasJMSSecurity-1.0 feature is enabled, it starts authenticating
and authorizing the users who are trying to connect to the messaging engine. The
user is authenticated against the registry that is defined in the server.xml file.
When the user wants to access a destination such as a topic or a queue for a
particular role, the user must have the access to that destination. The access to the
destination is defined in the <messagingSecurity> element in the server.xml file. If
the wasJMSSecurity-1.0 feature is added and the <messagingSecurity> element is
missing in the server.xml file, then the users can neither connect to the messaging
engine nor perform any messaging action (for example, sending or receiving
messages from the destinations).
When you enable the jmsSecurity-1.0 feature, you must also configure the
<messagingSecurity> element in the server.xml file. This enables authorized users
to access messaging destinations.
Procedure
1. Configure a user registry.
Three types of registries are supported in the Liberty profile:
v QuickStartSecurity (which supports only one User)
v Basic user registry (which is part of the product, supports multiple Users,
and allows you to declare groups)
v LDAP Registries (which are external to the product. Examples include the
Microsoft Active Directory, and the IBM Directory Server).
See Configuring a user registry for the Liberty profile on page 459.
Here is a sample configuration for the basic user registry:
<basicRegistry id="basic" realm="customRealm">
<user name="user1" password="user1pwd" />
<user name="user2" password="user2pwd" />
<user name="user3" password="user3pwd" />
<user name="user4" password="user4pwd" />
<user name="user5" password="user5pwd" />
<user name="user6" password="user6pwd" />
<user name="user7" password="user7pwd" />
<user name="user8" password="user8pwd" />
<group name="Developers">
<member name="user2" />
<member name="user4" />
</group>
<group name="Testers">
<member name="user8" />
<member name="user7" />
</group>
</basicRegistry>
2. Configure the MessagingSecurity tag to restrict users from accessing the
destinations.
By default, none of the users have any permission on any of the destinations
that are defined in the Messaging Engine. When you configure the
MessagingSecurity tag, you assign permission based on what the administrator
has defined. Regular expressions are supported for the MessagingSecurity
Permission tag. Here is a sample configuration:
<messagingSecurity>
<role name="developer">
<permission name="QUEUE1" actions="SEND,BROWSE"/>
Chapter 3. End-to-end paths for the Liberty profile 61
<permission name="T.*" actions="ALL"/>
<user name="user1" />
<user name="user3" />
<group name="Developers" />
</role>
<role name="tester">
<permission name="QUEUE1" actions="BROWSE"/>
<permission name="TopicSpace1" actions="RECEIVE"/>
<user name="user5" />
<user name="user6" />
<group name="Testers" />
</role>
</messagingSecurity>
In the previous configuration, user1, user3 and Developers have SEND and
BROWSE permission on QUEUE1, and ALL permission on the destinations matching
the T.* regular expression. Similarly user5, user6 and the Testers group have
BROWSE permission on QUEUE1 and have RECEIVE permission on TopicSpace1.
The following example grants user1, user3 and Developers ALL permissions on
all the destinations:
<messagingSecurity>
<role name="DEFAULT">
<permission name=".*" actions="ALL"/>
<user name="user1" />
<user name="user3" />
<group name="Developers" />
</role>
</messagingSecurity>
3. Connect to the Messaging Engine using a authenticated user, and perform an
operation based on the authorization permissions which are declared by the
administrator.
4. Optional: While connecting to the Messaging Engine, specify UserName and
Password in the createConnection call.
Here is the syntax:
[createConnection(userName, password)]
Enabling JMS messaging between two Liberty profile servers
You can configure the wasJMSClient-1.1 Liberty feature on one server, which acts
as client, and configure the wasJMSServer-1.0 feature on a different server. For
inter-server communication to work, you also have to add the JMSComms-1.0
feature on the server side. You can also configure the wasJMSSecurity-1.0 feature
to make the wasJMSServer-1.0 feature work in a secure mode, and configure the
ssl-1.0 feature to enable SSL communication between the two servers.
Procedure
v Configure the client side.
To enable the wasJMSClient-1.1 feature at the client side, configure the following
two properties in the ConnectionFactory:
connectionName="localhost:7276:BootstrapBasicMessaging"
This property specifies the server which needs to be contacted, where
the messaging engine exists. It is declared in the following manner:
<hostname>:<port>:<mode>
62 IBM WebSphere Application Server: V8.5.Next Beta
Where <hostname> is the name of the host where the messaging engine is
running; <port> is the JMS inbound port which is configured at the
server side in a later step; <mode> is BootstrapBasicMessaging if SSL is
not being used, and BootStrapSecureMessaging if SSL is being used.
targetTransport="CLIENT"
This property specifies the behaviour of the Client when it tries to
connect to the messaging engine. There are three options:
BINDING
Specifies that the application should connect to a Messaging
Engine which exists locally. If it does not find a Messaging
Engine locally, the connection will fail.
CLIENT
Specifies that the application should connect to the Messaging
Engine which is declared in the ConnectionName property (a
remote Messaging Engine). If it cannot connect to the Messaging
Engine, the connection will fail.
BINDING_THEN_CLIENT
In this mode, the application first tries to connect to a Messaging
Engine which exists locally. If it does not find a Messaging
Engine locally, the application looks up the ConnectionName then
tries to connect to the remote Messaging Engine.
Note: If a value for targetTransport is not specified, then the
BINDING_THEN_CLIENT option is used by default.
The Client is deployed in this server.
v Configure the server side.
1. Enable the JMSComms-1.0 feature in the server.xml file. This in turn enables
the wasJMSServer-1.0 feature.
2. Define the JMS connection port.
Use the following tag: <jmsCommsEndpoint id="InboundJmsCommsEndpoint"
host="*" jmsPort="7276" jmsSSLPort="7286" />
This tag defines an Inbound JMS Comms Endpoint, to which the JMS Client
applications can connect by using the jmsPort if SSL is not being used, and
by using the jmsSSLPort if SSL is being used. The port number is the one
that you specified in the connectionName property on the Client side.
The Messaging Engine runs in this server.
v Optional: Make the jmsServer feature work in a secure mode.
v Optional: Enable SSL communication between the two servers.
See Securing communications with the Liberty profile on page 65.
Enabling secure JMS messaging for the Liberty profile
The JMSSecurity-1.0 Liberty feature makes the jmsServer-1.0 feature work in a
secure mode.
Before you begin
The JMSSecurity-1.0 feature is always used with the jmsServer-1.0 feature.
Chapter 3. End-to-end paths for the Liberty profile 63
Configuring the user registry is a prerequisite for the jmsSecurity-1.0 feature.
Ensure that a user registry is configured before the jmsSecurity-1.0 feature is
enabled.
About this task
The wasJMSSecurity-1.0 feature supports secure connections to the messaging
engine. When the wasJMSSecurity-1.0 feature is enabled, it starts authenticating
and authorizing the users who are trying to connect to the messaging engine. The
user is authenticated against the registry that is defined in the server.xml file.
When the user wants to access a destination such as a topic or a queue for a
particular role, the user must have the access to that destination. The access to the
destination is defined in the <messagingSecurity> element in the server.xml file. If
the wasJMSSecurity-1.0 feature is added and the <messagingSecurity> element is
missing in the server.xml file, then the users can neither connect to the messaging
engine nor perform any messaging action (for example, sending or receiving
messages from the destinations).
When you enable the jmsSecurity-1.0 feature, you must also configure the
<messagingSecurity> element in the server.xml file. This enables authorized users
to access messaging destinations.
Procedure
1. Configure a user registry.
Three types of registries are supported in the Liberty profile:
v QuickStartSecurity (which supports only one User)
v Basic user registry (which is part of the product, supports multiple Users,
and allows you to declare groups)
v LDAP Registries (which are external to the product. Examples include the
Microsoft Active Directory, and the IBM Directory Server).
See Configuring a user registry for the Liberty profile on page 459.
Here is a sample configuration for the basic user registry:
<basicRegistry id="basic" realm="customRealm">
<user name="user1" password="user1pwd" />
<user name="user2" password="user2pwd" />
<user name="user3" password="user3pwd" />
<user name="user4" password="user4pwd" />
<user name="user5" password="user5pwd" />
<user name="user6" password="user6pwd" />
<user name="user7" password="user7pwd" />
<user name="user8" password="user8pwd" />
<group name="Developers">
<member name="user2" />
<member name="user4" />
</group>
<group name="Testers">
<member name="user8" />
<member name="user7" />
</group>
</basicRegistry>
2. Configure the MessagingSecurity tag to restrict users from accessing the
destinations.
By default, none of the users have any permission on any of the destinations
that are defined in the Messaging Engine. When you configure the
MessagingSecurity tag, you assign permission based on what the administrator
64 IBM WebSphere Application Server: V8.5.Next Beta
has defined. Regular expressions are supported for the MessagingSecurity
Permission tag. Here is a sample configuration:
<messagingSecurity>
<role name="developer">
<permission name="QUEUE1" actions="SEND,BROWSE"/>
<permission name="T.*" actions="ALL"/>
<user name="user1" />
<user name="user3" />
<group name="Developers" />
</role>
<role name="tester">
<permission name="QUEUE1" actions="BROWSE"/>
<permission name="TopicSpace1" actions="RECEIVE"/>
<user name="user5" />
<user name="user6" />
<group name="Testers" />
</role>
</messagingSecurity>
In the previous configuration, user1, user3 and Developers have SEND and
BROWSE permission on QUEUE1, and ALL permission on the destinations matching
the T.* regular expression. Similarly user5, user6 and the Testers group have
BROWSE permission on QUEUE1 and have RECEIVE permission on TopicSpace1.
The following example grants user1, user3 and Developers ALL permissions on
all the destinations:
<messagingSecurity>
<role name="DEFAULT">
<permission name=".*" actions="ALL"/>
<user name="user1" />
<user name="user3" />
<group name="Developers" />
</role>
</messagingSecurity>
3. Connect to the Messaging Engine using a authenticated user, and perform an
operation based on the authorization permissions which are declared by the
administrator.
4. Optional: While connecting to the Messaging Engine, specify UserName and
Password in the createConnection call.
Here is the syntax:
[createConnection(userName, password)]
Securing communications with the Liberty profile
You can configure the Liberty profile server to provide secure communications
between a client and the server.
About this task
To configure secure communications, you can either specify a minimal SSL
configuration or a detailed SSL configuration in the server.xml file. The minimal
configuration only requires the SSL feature and a keystore entry to be specified. In
the ${wlp.install.dir}/templates/config directory of the Liberty profile, there is
an sslConfig.xml file that contains several examples of SSL configurations.
The SSL configuration that is designated as the
default SSL configuration is used to create the process's default SSLContext using
the SSLContext.setDefault() method. The default SSL configuration can be the
minimal SSL configuration, or the configuration identified by the sslRef attribute
on the sslDefault element if multiple SSL configurations are defined. Because the
Chapter 3. End-to-end paths for the Liberty profile 65
default SSLContext is set on the process, the javax.net.ssl.keyStore and
javax.net.ssl.trustStore properties will not be recognized.
Procedure
v Enable SSL communications between a client and a Liberty profile server
v Optional: Create a keystore from the command prompt
v Optional: Encode passwords from the command prompt
v Optional: Configure client certificate authentication between your application
and the Liberty profile server
66 IBM WebSphere Application Server: V8.5.Next Beta
Chapter 4. Migrating applications to the Liberty profile
This section provides information about how to migrate applications to the Liberty
profile.
Procedure
Migrate data access applications to the Liberty profile.
Migrating data access applications to the Liberty profile
For data access applications, you need to change configurations when you migrate
a data source from the WebSphere Application Server full profile to the Liberty
profile.
Procedure
v Configuration differences between the full profile and Liberty profile:
dataSource and jdbcDriver elements.
v Configuration differences between the full profile and Liberty profile:
connectionManager element on page 68.
v Migrating a DB2 data source to the Liberty profile on page 69.
v Migrating a Derby embedded data source to the Liberty profile on page 71.
Configuration differences between the full profile and Liberty
profile: dataSource and jdbcDriver elements
This page identifies some differences in configuration between dataSource in the
Liberty profile and data sources in the full profile.
v Data source properties with different names
ifxIFX_LOCK_MODE_WAIT, which is informixLockModeWait in the full profile.
supplementalJDBCTrace, which is supplementalTrace in the full profile.
v Data source properties with different values
beginTranForResultSetScrollingAPIs, which is true by default in the Liberty
profile
beginTranForVendorAPIs, which is true by default in the Liberty profile
connectionSharing, which is MatchOriginalRequest by default in the Liberty
profile
statementCacheSize, which is 10 by default in the Liberty profile
v connectionSharing property of data sources
The Liberty profile allows connectionSharing to be configured to either
MatchOriginalRequest or MatchCurrentState. By default, it is
MatchOriginalRequest.
The full profile allows connectionSharing to be configured in a finer grained
manner, where individual connection properties can be matched based on the
original connection request or the current state of the connection. In the full
profile, connectionSharing is a combination of bits representing which
connection properties to match based on the current state of the connection.
In the full profile, a value of 0 means to match all properties based on the
original connection request; a value of -1 means to match all properties based
Copyright IBM Corp. 2011, 2013 67
on the current state of the connection. The default value for the full profile is
1, which means that the isolation level is matched based on the current state
of the connection and all other properties are matched based on the original
connection request.
v Time duration properties of data source
Time duration properties can optionally be specified with units in the Liberty
profile. For example,
<dataSource id="informix" jndiName="jdbc/informix" queryTimeout="5m" ...>
<properties.informix ifxIFX_LOCK_MODE_WAIT="120s" .../>
</dataSource>
See Liberty profile: Configuration elements in the server.xml file on page 97
for accepted time units and formats of dataSource element. Omitting the units in
the Liberty profile is equivalent to the default units used in the full profile.
v Configuration for JDBC drivers
In the Liberty profile, you can take the same approach of configuring different
jdbcDriver elements for XA capable and non-XA capable data source
implementation classes. Alternatively, you can use a single jdbcDriver
element for both. Defining multiple jdbcDriver elements does not cause
different class loaders to be used. In the Liberty profile, jdbcDriver elements
always use the class loader of the shared library with which they are
configured.
In the full profile, a JDBC provider is defined to point to the JDBC driver
JARs, compressed files, and native files. You must define separate JDBC
providers for XA capable and non-XA capable data source implementation
classes.
For some of the commonly used JDBC drivers, the Liberty profile infers the data
source implementation class names based on the names the driver JARs.
Therefore, you can omit the implementation class names. For example:
<jdbcDriver id="Derby" libraryRef="DerbyLib"/>
<library id="DerbyLib">
<fileset dir="C:/Drivers/derby" includes="derby.jar" />
</library>
Use the optional properties of the default implementation classes to override
these classes such as javax.sql.DataSource,
javax.sql.ConnectionPoolDataSource, and javax.sql.XADataSource.
The following example shows how to override the default
javax.sql.XADataSource and javax.sql.ConnectionPoolDataSource
implementations that the Liberty profile selects
<jdbcDriver id="Derby" libraryRef="DerbyLib"
javax.sql.XADataSource="org.apache.derby.jdbc.EmbeddedXADataSource"
javax.sql.ConnectionPoolDataSource="org.apache.derby.jdbc.EmbeddedConnectionPoolDataSource"/>
<library id="DerbyLib">
<fileset dir="C:/Drivers/derby" includes="derby.jar" />
</library>
See Liberty profile: Configuration elements in the server.xml file on page 97
for more information about the jdbcDriver element.
Configuration differences between the full profile and Liberty
profile: connectionManager element
This page identifies some differences in configuration between connectionManager
in the Liberty profile and connection pools in the full profile.
v Properties with different names
maxConnectionsPerThread, which is maxNumberofMCsAllowableInThread in the
full profile.
68 IBM WebSphere Application Server: V8.5.Next Beta
maxIdleTime, which is unusedTimeout in the full profile.
maxPoolSize, which is maxConnections in the full profile.
minPoolSize, which is minConnections in the full profile.
v Time duration properties
You can optionally specify the time duration properties with units in the Liberty
profile. For example,
<connectionManager id="pool1" connectionTimeout="30s" reapTime="3m" maxIdleTime="30m"/>
See Liberty profile: Configuration elements in the server.xml file on page 97
for accepted time units and formats for the connectionManager element. If you
do not specify time units in the Liberty profile, the same default units are used
as in the full profile.
v Differences between immediate timeout values and never (disable) timeout
There are differences in the values that represent immediate timeout and never
(disabled) timeout.
The Liberty profile uses a value of 0 to represent immediate, whereas the full
profile often uses -1 for immediate.
The Liberty profile uses a value of -1 to represent never (disabled), whereas
the full profile often uses 0 for never (disabled).
Specifically this applies to the following attributes:
agedTimeout
connectionTimeout
maxIdleTime, which is unusedTimeout in the full profile
reapTime
v Purge policy changes
In the Liberty profile , there are three purge policy values: EntirePool,
FailingConnectionOnly, and ValidateAllConnections.
In the full profile, there are two purge policy values: EntirePool and
FailingConnectionOnly, with a second property,
defaultPretestOptimizationOverride, determining the behavior of
FailingConnectionOnly.
Purge policies in the Liberty profile, and their full profile equivalents, are as
follows:
purgePolicy="EntirePool", which is the same for both.
purgePolicy="FailingConnectionOnly", which is equivalent to
purgePolicy="FailingConnectionOnly" with
defaultPretestOptimizationOverride="false" in the full profile.
purgePolicy="ValidateAllConnections", which is equivalent to
purgePolicy="FailingConnectionOnly" with
defaultPretestOptimizationOverride="true" in the full profile.
Migrating a DB2 data source to the Liberty profile
You can migrate a DB2
. The Liberty profile is included with these editions, and can also
be downloaded separately, as an edition-specific archive file, from Passport
Advantage
Windows
For Windows:
-vm
<WebSphere Application Server V8.5, V8.0 or V7.0 installation directory>\java\jre\bin\javaw.exe
Linux
For Linux:
78 IBM WebSphere Application Server: V8.5.Next Beta
-vm
<WebSphere Application Server V8.5, V8.0 or V7.0 installation directory>/java/jre/bin/java
8. Save and close the eclipse.ini file.
9. Restart the workbench.
v Optional: To enhance local server support, complete the following steps:
1. Close the workbench.
2. Locate and back up the config.ini file in the <Eclipse installation
directory>\eclipse\configuration directory, where <Eclipse installation
directory> is the directory where you installed Eclipse.
3. Open the config.ini file in a text editor.
4. Locate the line eclipse.product=org.eclipse.sdk.ide and replace it with the
following line:
eclipse.product=com.ibm.websphere.wdt.product.site.ide
5. Delete the following line:
eclipse.application=org.eclipse.ui.ide.workbench
6. Locate the line osgi.splashPath=platform\:/base/plugins/
org.eclipse.platform and replace it with the following line:
osgi.splashPath=platform\:/base/plugins/com.ibm.websphere.wdt.product.site
7. Save and close the config.ini file.
8. Modify the eclipse.ini file:
a. In the <Eclipse installation directory>\eclipse directory, open the
eclipse.ini file in a text editor. <Eclipse installation directory> is the
directory where you installed Eclipse.
b. Delete the following lines:
-showsplash
org.eclipse.platform
c. Delete the following lines, if they exist:
-product
org.eclipse.epp.package.jee.product
d. Save and close the eclipse.ini file.
9. Restart the workbench.
What to do next
If you have not already installed the Liberty profile runtime environment, you can
use the tools to download and install it for you when you create a server for the
first time. See Creating a Liberty profile server by using developer tools on page
93.
You might also want to install Maven Integration for Eclipse.
Installing Maven Integration for Eclipse
You can install tools for developing Apache Maven projects in the workbench.
Procedure
To install the Maven tools support:
1. Start your Eclipse IDE for Java EE Developers workbench.
2. Click Help > Install new software.
3. In the Available Software window, click Available Software Sites.
4. Click Add.
Chapter 5. Installing the Liberty profile 79
5. In the Add Repository window, click Archive.
6. Browse to the location of the .zip file of IBM WebSphere Application Server
Developer Tools for Eclipse. Select the file and then click Open.
7. In the Add Repository window, click OK.
8. In the Available Software window, clear Group items by category.
9. In the filter text field, type maven.
10. Select Maven Tools Support.
11. In the Available Software window, click Available Software sites.
12. Select http://download.eclipse.org/m2e-wtp/releases/ and then click Enable.
13. Click OK.
14. Click Next.
15. On the Review Licenses page, review the license text. If you agree to the
terms, click I accept the terms of the license agreement and then click Finish.
The installation process starts.
16. When the installation process completes, restart the workbench.
System requirements for WebSphere Application Server
Developer Tools for Eclipse
Supported platforms
The following tables list the supported platforms for IBM(r) WebSphere(r)
Application Server Developer Tools for Eclipse 9.0 Beta:
Table 6. Supported Linux operating systems
Hardware Operating system
Desktop
v x86-32
v x86-64
SUSE (SLED) Desktop 11.x
SUSE (SLED) Desktop 10.x
Ubuntu 12.04 LTS
Red Hat Desktop 5.x
Red Hat Desktop 6.x
Server
v x86-32
v x86-64
Red Hat Enterprise Server 6.x
Red Hat Enterprise Server 5.x
SUSE Enterprise Server 11.x
SUSE Enterprise Server 10.x
Table 7. Supported Microsoft Windows operating systems
Hardware Operating system Editions
v x86-32
v x86-64
Windows 7
v Professional
v Enterprise
v Ultimate
80 IBM WebSphere Application Server: V8.5.Next Beta
Table 7. Supported Microsoft Windows operating systems (continued)
Hardware Operating system Editions
v x86-32
v x86-64
Windows Vista
v Professional
v Enterprise
v Ultimate
v x86-32
v x86-64
Windows Server 2003
v Standard
v Enterprise
v x86-32
v x86-64
Windows Server 2008
v Standard
v Enterprise
Table 8. Supported Mac OS versions
Hardware Operating system
Intel based Mac OS X 10.7 (Lion)
Mountain Lion (10.8)
Table 9. Hosted development environments
Product Version
Citrix Presentation Server 6
Presentation Server 5
Eclipse workbench requirements
You install WebSphere Application Server Developer Tools for Eclipse into an
Eclipse workbench that is already installed on your computer.
Your Eclipse workbench must be Eclipse IDE for Java EE Developers 4.2.2 RC1
(Juno SR2-RC1). for one of the following operating systems:
v Windows (32-bit)
v Windows (64-bit)
v Linux (32-bit)
v Linux (64-bit)
v OSX (32-bit)
v OSX (64-bit)
Chapter 5. Installing the Liberty profile 81
Runtime environment for Java (JRE) requirements
The required JRE depends on the features that you are installing:
If you are installing any of the WebSphere
Application Server Tools features for
versions 8.5, 8.0 or 7.0
If you are NOT installing any of the
WebSphere Application Server Tools
features for versions 8.5, 8.0 or 7.0
v IBM Runtime Environment for Windows,
Java Technology Edition, Version 6.0 SR9
FP1 or later.
v IBM Runtime Environment for Linux, Java
Technology Edition, Version 6.0 SR9 FP1
or later.
v IBM Runtime Environment for Windows,
Java Technology Edition, Version 7.0 GA
or later.
v IBM Runtime Environment for Linux, Java
Technology Edition, Version 7.0 GA or
later.
Tip: The IBM Runtime Environment for
Windows or Linux, Java Technology Edition
Version 6.0 is included with WebSphere
Application Server version 8.5, 8.0 and
version 7.0. It is located in the following
directory <WebSphere Application Server
installation directory>/java/jre
Tip: The IBM Runtime Environment for
Windows or Linux, Java Technology Edition
Version 7.0 is optionally installed with
WebSphere Application Server version 8.5. If
installed, it is located in the following
directory:<WebSphere Application Server
installation directory>/java_1.7_32/jre
Any Java 6+ or Java 7+ runtime
environment
The following versions work well:
v IBM Runtime Environment for Windows
or Linux, Java Technology Edition, Version
7.0 GA OR later.
v IBM Runtime Environment for Windows
or Linux, Java Technology Edition, Version
6.0 SR9 FP1 or later.
v Oracle Java Platform Standard Edition
Runtime Environment Version 7.0 latest
Update available.
v Oracle Java Platform Standard Edition
Runtime Environment Version 6.0 latest
Update available.
Tip: IBM Developer Kits and Runtime
Environments are available at:
http://www.ibm.com/developerworks/
java/jdk/
Requirements for installing into Eclipse 3.8.1
Important: If you are installing the product into computer will not be connected
to the Internet during the installation, then you must download and install
prerequisite Eclipse files before you install WebSphere Application Server
Developer Tools for Eclipse.
1. Ensure that you have Eclipse 3.8.1 installed. You can download Eclipse 3.8.1
from the following web address: http://download.eclipse.org/eclipse/
downloads/drops/R-3.8.1-201209141540/.
2. Download the following files:
v Eclipse Modeling Framework (EMF) 2.8.1
v Graphical Editing Framework (GEF) 3.8.1
v Eclipse Data Tools Platform (DTP) 1.10.1
v EMF Transaction 1.6.0
v EMF Validation 1.6.0
v Graphiti
v Graphical Modeling Framework (GMF) 1.6.1
v Web Tools Platform (WTP) 3.4.1
82 IBM WebSphere Application Server: V8.5.Next Beta
3. For each compressed file that you downloaded in the previous step, extract the
contents of the file into the eclipse directory of your Eclipse 3.8.1 IDE. Ensure
that you preserve the structure of the extracted contents.
Tip: You can overwrite any files that have the same name.
For example, if your eclipse directory is located in the file path
C:\eclipse-SDK-3.8.1-win32\ , then you must extract the contents of each file
into the directory C:\eclipse-SDK-3.8.1-win32\.
When you are finished, the extracted files will be in the existing directories of
your Eclipse IDE:
v eclipse (For example, C:\eclipse-SDK-3.8.1-win32\eclipse.)
v eclipse\plugins (For example, C:\eclipse-SDK-3.8.1-win32\eclipse\
plugins.)
v eclipse\features (For example, C:\eclipse-SDK-3.8.1-win32\eclipse\
features.)
4. From a command line, restart your Eclipse IDE using the -clean option. For
example, C:\eclipse-SDK-3.8.1-win32\eclipse\eclipse.exe -clean
Installing the Liberty profile by extracting an archive file
Distributed operating systems
By running a self-extracting archive file that contains the distribution image, you
can install the Liberty profile and you are ready to create a server. For the
no-charge developer edition, you can download the archive file from the WASdev
community. For all other editions, you can use the archive file that is included with
each edition of WebSphere Application Server, or you can download an
edition-specific Liberty profile archive file from Passport Advantage.
Before you begin
You can install the Liberty profile by extracting an archive file as described in this
topic. For distributed platforms, you can also use the WebSphere Application
Server Developer Tools for Eclipse to install the profile as described in Installing
the Liberty profile developer tools and (optionally) the Liberty profile on page 73.
This topic assumes that your system meets the operating system and Java
requirements for using the Liberty profile. See System Requirements for WebSphere
Application Server v8.5 - Liberty.
Procedure
1. Get a copy of the distribution image:
v For the no-charge developer edition (with no IBM support), you can
download the archive file from the WASdev community download page.
v For all other editions, you can use the archive file that is included with each
edition of WebSphere Application Server.
v You can also download an edition-specific Liberty profile archive file,
including the developer edition with IBM support, from Passport Advantage
online.
2. Extract the distribution image to your preferred directory.
This image is packaged as an archive file called wlp-edition-version.jar. For
example:
Chapter 5. Installing the Liberty profile 83
v To extract the distribution image by using the wizard, run java -jar
wlp-edition-version.jar
v To extract the distribution image by accepting the license terms and
conditions silently, run java -jar wlp-edition-version.jar --acceptLicense
v To view all available options, run java -jar wlp-edition-version.jar -help
All the application server files are stored in subdirectories of the wlp directory.
3. Optional: Set the JAVA_HOME property for your environment.
The Liberty profile requires a JRE in which to run. You can specify the JDK or
JRE location using the JAVA_HOME property in the server.env file, as described
in Customizing the Liberty profile environment on page 352. On Linux or
UNIX systems, you can instead set JAVA_HOME in the user .bashrc file, or
append the JDK or JRE path to the PATH environment variable. On Windows
systems, you can instead set JAVA_HOME as a system environment variable, or
append the JDK or JRE path to the PATH system variable.
Distributed operating systems
For example, on Windows systems you can use the
following commands to set the JAVA_HOME property, and to add the Java /bin
directory to the path:
set JAVA_HOME=C:\Progra~1\Java\JDK16
set PATH=%JAVA_HOME%\bin;%PATH%
Notes:
v The Liberty profile runtime environment searches for the java command in
this order: JAVA_HOME property, JRE_HOME property, and system PATH property.
v For more information about supported Java environments, and where to get
them, see Minimum supported Java levels on page 566.
Applying a fix pack to a Liberty profile archive installation
Distributed operating systems
The Liberty profile offers a self-extracting archive-based installation as an
alternative to using IBM Installation Manager. If you installed the Liberty profile
by using the self-extracting archive, and want to upgrade to the latest fix pack
version, you can apply a new fix pack archive to a new location, and migrate any
required user files and server configuration data.
About this task
If you used IBM Installation Manager to install the Liberty profile, you must use
Installation Manager to apply a fix pack.
Important: You must apply a new fix pack archive to a new location. If you install
a fix pack to a previous installation location, you cannot back out the fix pack from
the previous installation location.
Procedure
1. Install the new runtime environment.
a. Optional: If you are overwriting your current installation, stop all servers
that are running on the system. This minimizes the risk of incompatible
behaviors occurring prior to the server being restarted.
v <liberty_VX>/bin/server stop <server_name>
84 IBM WebSphere Application Server: V8.5.Next Beta
If you are installing to a new location, you are not required to stop all
servers.
b. Copy or download the new fix pack archive onto the target system.
c. Launch the archive by using a Java command. You must use a Java
command because the archive is an executable JAR file. For example, to
install WebSphere Application Server V8.5.0.1 Liberty Profile for Developers,
run the following command:
v java -jar <downloaded_archive_location>/wlp-developers-8.5.0.1.jar
For more information about using a Java command to launch an archive,
see the instructions in Installing the Liberty profile by extracting an archive
file on page 83.
d. Review the license terms, and accept them to continue with the installation.
e. Select the installation location. To retain a backup of your original
environment, use a different location to where the previous version is
installed. If the same location is used, you cannot uninstall the fix pack and
return to your previous version.
2. Migrate any user data and server configurations. The Liberty profile defines
two locations for storing user-generated content and server configurations:
v WLP_USER_DIR; The location of server configuration files, including shared
resources.
v WLP_OUTPUT_DIR; The location of resources generated by the server. For
example, log files and temporary disk storage.
If the WLP_USER_DIR environment variable has been set on your system, then the
new runtime environment will continue to use the same location. This results
in no backup of server configuration data. To ensure that your server
configuration is backed up, copy the directory referenced by WLP_USER_DIR to a
new location on your file system. To protect the original environment, change
the value of WLP_USER_DIR to point to the new location. During uninstallation,
reset the value of WLP_USER_DIR to the location of the original server
configuration.
If WLP_USER_DIR has not been set, the server configuration and shared resources
are stored in the usr directory at the root of the server's runtime environment
(for example, <liberty_8501>/usr). During uninstallation of the runtime
environment, you can reset the WLP_USER_DIR environment variable.
If the WLP_OUTPUT_DIR environment variable is set on your system, the new
server also uses this location. This can result in old log files being overwritten.
To ensure that old log files are protected, either update or unset the
WLP_OUTPUT_DIR environment variable. During uninstallation, reset this value to
its original value.
If the WLP_OUTPUT_DIR value is not set, the default location is in the server root
directory (for example <liberty_8501>/usr/servers/<serverName>). If the new
runtime environment is installed to a new location, no updates are required
during installation or uninstallation because logs continue to appear under the
usr/servers/<serverName>/logs directory of each respective installation.
Note: If the server.xml file, or any included XML configuration file, references
another resource outside the server configuration directory, these resources
must also be copied across, or the references will need to be updated. This also
applies to any resources that the application references directly, such as
references to hardcoded paths on file systems. During uninstallation of the fix
pack, these values can be manually reset to their original values.
3. Start the new server.
Chapter 5. Installing the Liberty profile 85
v If you overwrote a previous installation, start all Liberty profile servers with
the --clean parameter as a launch option. For example, server start
--clean. You have to use the --clean option only once; all subsequent server
starts will not require it.
v If you did not overwrite a previous installation, run <liberty_VX+>/bin/
server start <server_name>.
Removing a fix pack from a Liberty profile archive installation
Distributed operating systems
If you installed the Liberty profile by using the self-extracting archive, you can
uninstall a fix pack from the Liberty profile runtime environment in a given
location by migrating any user data and server configurations to the previous
Liberty profile runtime environment in a different location, and deleting the fix
pack runtime environment.
Procedure
1. Stop all servers running on the system.
v <liberty_VX>/bin/server stop <server_name>
2. Migrate any user data and server configurations. For more information see the
Migrate any user data and server configurations step in the installation task.
3. Delete the fix pack runtime environment.
4. Start the servers.
v <liberty_VX->/bin/server start <server_name>
Applying an interim fix to a Liberty profile archive installation
Distributed operating systems
The Liberty profile offers a self-extracting archive-based installation as an
alternative to using IBM Installation Manager. If you installed the Liberty profile
using the self-extracting archive, and want to install an interim fix, you can apply
an executable JAR file.
About this task
If you used IBM Installation Manager to install the Liberty profile, you must use
Installation Manager to apply an interim fix.
An interim fix is named <Liberty profile level>-WS-WASProd_WLPArchive-<fix
type><fix id>.jar
v <Liberty profile level> refers to a 4-digit fix pack level identifier, which indicates
the minimum level to which the fix applies. For example, 8.5.0.0.
v <fix type> refers to the type of fix. For example, IF is used for an interim fix, and
TF for a diagnostic fix
v <fix id> refers the APAR reference number. If a diagnostic fix is provided before
an APAR is opened, the <fix id> is based on the PMR reference number.
Each interim fix is installed by executing the relevant JAR file, which extracts the
content into the Liberty profile base folder (/wlp).
86 IBM WebSphere Application Server: V8.5.Next Beta
Note: When the interim fix is applied, no backup data is created. If you want to
back out an interim fix, you must manually remove or restore files from the /wlp
folder.
Each interim fix is provided with a readme.txt file, which contains backup and
restore instructions specific to the fix content, in a section titled Directions to
apply fix. If the readme.txt file does not specify any requirement to back up files,
you can extract the fix and then restart the server at any time with the --clean
parameter as a launch option.
Procedure
1. Optional: If the fix contains files that will overwrite existing files, stop all
servers running on the system.
2. Optional: If the readme.txt file indicates that a backup is required, create a
backup of the lib/features/component.mf files. File locations are relative to
your Liberty profile install root.
3. Open a console and direct it to the location of your interim fix JAR file.
4. To view available options, run java -jar interim_fix_jar_file -help, where
interim_fix_jar_file is the name of the executable JAR file containing the interim
fix. The following launch options are available for the JAR file:
--installLocation
The absolute or relative location of the Liberty profile install directory.
By default the JAR file looks for a wlp directory in its current location.
If your Liberty profile install location is not the wlp folder, or is not in
the same directory as the JAR file, then you can use this option to
change where the JAR file will patch. [LibertyRootDir] can either be
relative to the location of the JAR file, or an absolute file path.
--suppressInfo
The only messages output from the JAR file will be error messages or
confirmation that patching has completed.
5. Select the install location.
6. Start all Liberty profile servers with the --clean parameter as a launch option.
For example, server start --clean. You have to use the --clean option only
once; all subsequent server starts will not require it.
Removing an interim fix from a Liberty profile archive install
Distributed operating systems
If you installed the Liberty profile by using the self-extracting archive, then to
remove an interim fix you must manually remove files, and restore files, from the
/wlp folder.
About this task
If you used IBM Installation Manager to apply an interim fix, you can use
Installation Manager to remove the interim fix.
The current set of fixes installed on a Liberty profile can be found in the
/lib/fixes directory.
Each interim fix is provided with a readme.txt file, which contains backup and
restore instructions specific to the fix content, in a section titled Directions to
Chapter 5. Installing the Liberty profile 87
apply fix. If the readme.txt file does not include any requirement to back up files,
you can extract the fix and then restart the server at any time with the --clean
parameter as a launch option.
Procedure
1. Stop all servers running on the system. For more information, see Starting and
stopping a server.
2. Delete or replace the files as detailed in the readme.txt file. File locations are
relative to your Liberty profile install root. For example:
v lib/com.ibm.ws.component_1.0.0.20120803-1356.jar
v lib/fixes/8.5.0.0-WS-WASProd_WLPArchive-IFPM11111_8.5.0.20120803-
1356.xml
3. Start all Liberty profile servers with the --clean parameter as a launch option.
For example, server start --clean. You only need to use the --clean option
once. All subsequent server starts will not require it.
What to do next
You can reapply the fix by following the instructions in Applying an interim fix to
a Liberty profile archive installation on page 86.
88 IBM WebSphere Application Server: V8.5.Next Beta
Chapter 6. Setting up the Liberty profile
Define directory locations and variables, create and configure servers, and add and
remove Liberty features that specify the capabilities of your server.
Procedure
v Defining directory locations and properties.
v Verifying the integrity of Liberty profile
installation on page 91.
v
Distributed operating systems
Creating a Liberty profile server by using developer
tools on page 93.
v Creating a Liberty profile server manually on page 95.
v Specifying Liberty profile bootstrap properties on page 95.
The default HTTP port is 9080 and HTTPS port is 9443 for the Liberty profile.
You can manually assign appropriate port numbers in the server.xml files when
multiple Liberty profile servers are running on the same machine.
Liberty profile: Directory locations and properties
In the Liberty profile, many directories have properties associated with them.
These properties can be used to specify file locations when you configure the
server.
Table 10. Runtime environment default directory structure. Column 1 contains a file and
directory tree. If a directory has a property associated with it, this is given in column 2. A
description of each file or directory is given in Column 3.
Directory or file Property Description
wlp/ wlp.install.dir Root of installation
+- bin/ Scripts for managing the server:
server; ws-launch.jar
+- clients/ Client applications. For example
restConnector.jar.
+- jython/ Jython-based scripts
+- dev/ APIs available at compile time
or run time
+- ibm-api/ Public APIs available for both
compile and run time by default
+- javadoc/ Java document archives
+- spec/ Public specification APIs
available for both compile and
run time by default
+- third-party/ Third-party APIs that are
available at compile time by
default and must be specified in
the configuration using the
apiTypeVisibility attribute of
the classloader element for
applications at run time.
Copyright IBM Corp. 2011, 2013 89
Table 10. Runtime environment default directory structure (continued). Column 1 contains a
file and directory tree. If a directory has a property associated with it, this is given in column
2. A description of each file or directory is given in Column 3.
Directory or file Property Description
+- tools/ Ant plug-in for the Liberty
profile
+- etc/ User customized server variables
that apply to all servers
(optional)
+- server.env Default server script
environment variables (optional)
+- jvm.options Default jvm options (optional)
+- lafiles/ License information files
+- lib/ Platform runtime environment
+- templates/ Runtime customization
templates and examples
+- config/ Configuration examples for
security
+- server/ Server template when creating a
server
+- usr/ wlp.user.dir User directory
+- shared/
+- apps/ shared.app.dir Shared applications
+- config/ shared.config.dir Shared configuration files
+- resources/ shared.resource.dir Shared resource definitions:
adapters, data sources
+- servers/ Shared servers directory
+- server_name server.config.dir Server configuration directory.
Use ${server.config.dir} to
reference server-specific
configuration (applications).
+-
bootstrap.properties
Server bootstrap properties
(optional)
+- jvm.options Server JVM options, which
replace the values in
wlp/etc/jvm.options (optional)
+- server.env Server script environment
variables, which are merged
with wlp/etc/server.env
(optional)
+- server.xml Server configuration overlays
(required)
+- apps/ Server configuration for
applications
+- dropins/ Server default application
dropins folder (optional)
+-
application_name
Application folder or archive
(optional)
90 IBM WebSphere Application Server: V8.5.Next Beta
Table 10. Runtime environment default directory structure (continued). Column 1 contains a
file and directory tree. If a directory has a property associated with it, this is given in column
2. A description of each file or directory is given in Column 3.
Directory or file Property Description
+- server_name server.output.dir Server output directory. Use
${server.output.dir} to
describe artifacts generated by
the server (log files and
workarea).
+- logs/ Server log files, including FFDC
logs (directory is present after
server is first run)
+- console.log Basic server status and
operations messages
+-
trace_timestamp.log
Time-stamped trace messages,
with the level of detail
determined by the current
tracing configuration
+- ffdc/ First Failure Data Capture
(FFDC) output directory
+-
ffdc_timestamp/
First Failure Data Capture
(FFDC) output that typically
includes selective memory
dumps of diagnostic data related
to the failure of a requested
operation
+- workarea/ Files created by the server as it
operates (directory is present
after server is first run)
You can use the properties associated with each directory, if any, to specify file
locations when you configure the server.
Tip: To ensure configuration portability, use the most specific property that is
appropriate, and do not rely on the relationship between resources. For example, in
some configurations the installation location, ${wlp.install.dir} might not be the
parent of the customized instance ${wlp.user.dir}.
Verifying the integrity of Liberty profile installation
You can use the command utilities to verify the installation integrity of the Liberty
profile.
About this task
After you have installed the Liberty profile, you must make sure that the
installation is completed successfully and that all required features or iFixes are
installed. The productInfo command provides different options to complete the
following tasks:
v Compare the differences between APAR fixes and the current installation.
v Validate the MD5 checksum file for server installation and each feature.
Chapter 6. Setting up the Liberty profile 91
v Verify the version information of the current installation.
v Verify the feature list on the current installation.
Liberty profile: productInfo command
The productInfo command supports validating the product integrity, comparing
different versions of the Liberty profile servers, and verifying the current product
versions.
Syntax
The command syntax is as follows:
productInfo action --[options]
where the possible values of the options vary depending on the value of theaction
parameter.
Parameters
The following action parameters and options values are available for the
productInfo command:
compare
Allows you to compare APAR fixes that are installed in the current
installation with a different version of Liberty profile.
--target="path to directory or archive file"
Specifies the target file with which to compare the current
installation. The value of --target can be either a directory or an
archive file that must be a valid Liberty profile installation location.
This option is required if --apars is not specified.
--apars="a comma separated list of APAR IDs"
Checks the current installation against this comma separated list of
APAR IDs to see if it contains them, and then lists any APARs that
are not included. This option is required if --target is not
specified.
--output="path to an output file"
Outputs the result from this command to the supplied file name.
By default, the output is directed to standard output.
--verbose
Display detailed error messages when an error occurs.
Note: At least one of --target or --apars must be supplied
featureInfo
Lists all the features that are installed on the current Liberty profile server.
--output="path to an output file"
Outputs the result from this command to the supplied file name.
By default, the output is directed to standard output.
validate
Validates the Liberty profile server against its checksum file.
92 IBM WebSphere Application Server: V8.5.Next Beta
--checksumfile="path to the checksum file"
Specifies the file that contains the checksum information of *.mf
and *.blst being installed. The default value is
lib/versions/productChecksums.cs. You can also validate the
integrity of an installed feature on the Liberty profile.
--output="path to an output file"
Outputs the result from this command to the supplied file name.
By default, the output is directed to standard output.
version
Prints the product information such as the product name, edition, version,
and iFix information.
--output=filename
Outputs the result from this command to the supplied file name.
By default, the output is directed to standard output.
--verbose
Display the whole content of each properties file.
help Prints help information for the specific action.
Usage
The following examples demonstrate correct syntax:
productInfo compare --target=C:\wlp\newInstall\wlp
productInfo compare --target=C:\wlp\newInstall.jar --output=C:\wlp\compareOutput.txt
productInfo compare --apars=com.ibm.ws.apar.PM39074,com.ibm.ws.apar.PM39075,com.ibm.ws.apar.PM39080
productInfo featureInfo --output=c:\wlp\featureListOutput.txt
productInfo validate --checksumfile=c:\wlp\libs\versions\checksums\appSecurity-2.0-mf.cs
productInfo help compare
Creating a Liberty profile server by using developer tools
Distributed operating systems
You can use developer tools to create and start a Liberty profile server. If you have
not yet installed the Liberty profile, the developer tools can install it for you the
first time you create a server.
Before you begin
Make sure you have installed the developer tools as described in Installing the
Liberty profile developer tools and (optionally) the Liberty profile on page 73.
You can create a server as described in this topic, or as described in Creating a
Liberty profile server manually on page 95.
When you create a new server using the tools, you specify the installation of the
Liberty profile that you want to use. You are offered three options:
v Select an existing installation.
v Install from a previously downloaded archive file.
v For the no-charge developer edition, Download and install.
If you want to use the tools to install a Liberty edition (other than the no-charge
developer edition) from an archive file, make sure you have downloaded the
archive file.
Chapter 6. Setting up the Liberty profile 93
Procedure
1. In the workbench, open the Servers view by clicking the Servers tab.
2. Right-click the Servers view and select New > Server.
3. Under the server type list, expand IBM and select the WebSphere Application
Server V8.5 Liberty Profile server type.
4. Click Next. The Liberty Profile Runtime Environment page is displayed.
5. Select an installation, install from an archive file, or (for the no-charge
developer edition) download and install, the Liberty profile.
If you have previously installed the Liberty profile, complete the following
steps:
a. In the Installation folder section of the Liberty Profile Runtime
Environment page, browse for the directory where you installed the Liberty
profile runtime environment, then click OK.
b. Click Next. The application-serving environment is selected.
If you want to install the Liberty profile from an archive file that you have
previously downloaded, complete the following steps:
a. In the Installation folder section of the Liberty Profile Runtime
Environment page, click Download or install.
a. In the Install Runtime Environment page, select Install a new runtime
environment from an archive.
b. Type or browse for the archive where you downloaded the Liberty profile
runtime environment, then click Next.
c. In the License Acceptance page, if you accept the license terms, select I
accept the terms of the license agreement then click Next.
d. Under the Target installation folder, type or browse for the directory to
which you want the workbench to extract the archive, then click Finish.
e. In the Liberty Profile Runtime Environment page, click Next.
If you want to download and install the no-charge developer edition of the
Liberty profile, complete the following steps:
a. In the Installation folder section of the Liberty Profile Runtime
Environment page, click Download or install.
b. In the Install Runtime Environment page, select Download and install a
new runtime environment from:, choose a download site, then click Next.
If the developer edition distribution image (a JAR file) is available on your
local file system, choose Local download. Otherwise, choose the WASdev
community download page.
c. In the License Acceptance page, if you accept the license terms, select I
accept the terms of the license agreement then click Next.
d. In the Installation Folder page, specify the target installation folder, then
click Finish. The Liberty profile is downloaded and installed to your chosen
folder.
e. In the Liberty Profile Runtime Environment page, click Next.
6. In the Liberty Profile Server page, click New.
7. Enter a server name of your choice, then click OK.
8. In the Liberty Profile Server page, click Finish.
What to do next
v Edit the server configuration. For more details see topic Editing the Liberty
profile configuration by using developer tools in the Administering book.
94 IBM WebSphere Application Server: V8.5.Next Beta
v Start the server in start mode or in debug mode, stop the server, add or
remove applications on the server, and many other tasks. You can perform these
tasks by using the server context menu (right-click on the server to open the
pop-up menu) or by selecting the tray buttons in the Servers view.
Tip: In the Servers view, you must select the server entry to perform these tasks.
Do not select the server configuration, such as the Server Configuration
[server.xml] entry for performing these tasks.
Creating a Liberty profile server manually
You can create a server from the command prompt.
Distributed operating systems
Before you begin
Distributed operating systems
You can create a server as described in this topic, or as
described in Creating a Liberty profile server by using developer tools on page
93.
Procedure
1. Open a command prompt, then change directory to the wlp/bin directory.
2. Run the following command to create a server. If you do not specify a server
name, defaultServer is used.
v
Windows Linux
server create server_name
Results
A server is created if the specified server does not already exist. If the specified
server already exists, an exception message is generated and no server is created.
The TCP/IP ports for the new server are not automatically assigned. You can
specify those ports by Specifying Liberty profile bootstrap properties other than
using the default ones.
What to do next
Configure your server to have the features that your application requires. See
Configuring the Liberty profile runtime environment in the Administering
book.
Specifying Liberty profile bootstrap properties
Bootstrap properties initialize the runtime environment for a particular server.
Generally, they are attributes that affect the configuration and initialization of the
runtime core.
About this task
Bootstrap properties are set in a text file named bootstrap.properties. This file
should be in the server directory with the configuration root file server.xml. By
Chapter 6. Setting up the Liberty profile 95
default, the server directory is usr/servers/server_name. You can change the
server directory as described in Customizing the Liberty profile environment on
page 352.
The bootstrap.properties file contains two types of properties:
v A small, predefined set of initialization properties.
v Any custom properties that you choose to define. You can then use these custom
properties as variables in other configuration files such as server.xml and
included files.
Distributed operating systems
You can edit the bootstrap.properties file using a text
editor or the editor in the WebSphere Application Server Developer Tools for
Eclipse. See Editing the Liberty profile configuration by using developer tools on
page 344.
If you update the bootstrap.properties file, you must restart the server with the
--clean option for the changes to take effect.
Procedure
v Use predefined properties to configure trace and logging.
For example, change the name of your trace file by specifying the property
com.ibm.ws.logging.trace.file.name in the bootstrap.properties file:
com.ibm.ws.logging.trace.file.name = trace.log
v Use custom properties to define the default ports for web applications.
You can share server.xml and use XML configuration files across various
development environments that allow machine- or environment-specific
customization. For example:
1. Specify the properties default.http.port and default.https.port in the
bootstrap.properties file:
default.http.port = 9081
default.https.port = 9444
Note: If you do not specify the properties, the default HTTP port is 9080 and
HTTPS ports is 9443. To override the default HTTP endpoint definition, set
the id attribute of the httpEndpoint element to defaultHttpEndpoint in the
server configuration.
2. Use these properties in the server.xml configuration file:
<httpEndpoint id="defaultHttpEndpoint"
host="*"
httpPort="${default.http.port}"
httpsPort="${default.https.port}" />
Note: host="*" means listen on all adapters. By default, the server is
listening only on address 127.0.0.1/localhost. You can also use the host
property to specify a single IP address, and then the system listens only on
the specified adapter.
v To apply the changes, restart the server.
96 IBM WebSphere Application Server: V8.5.Next Beta
Chapter 7. Administering the Liberty profile
A server configuration consists of a server.xml file, a bootstrap.properties file,
and any optional files that are included by the two main configuration files. There
is no administrative console for the Liberty profile. Administrators and developers
use the WebSphere Application Server Developer Tools for Eclipse, or a text editor,
to edit the configuration files.
About this task
The Liberty profile is configured by exception. The runtime environment operates
from a set of built-in configuration default settings, and you only need to specify
configuration that overrides those default settings. You do this by editing either the
server.xml file or another XML file that is included in server.xml at run time.
Features are the units of functionality by which you control the pieces of the
runtime environment that are loaded into a particular server. They are the primary
mechanism that makes the server composable. The list of features that you specify
in the server configuration provides a functional server.
When you first install and start the server, a feature manager and a default server
configuration are available:
v By default, a server contains the jsp-2.2 feature, to support servlet and JSP
applications. You can use the feature manager to add the features that you need.
v Server configuration is by exception. When you specify the features that you
need, the default configuration of those features provides a rich environment
that is designed to cover most common requirements, therefore you only need to
specify changes from the default configuration.
Procedure
v Liberty profile: Configuration elements in the server.xml file
v Administering the Liberty profile by using developer tools on page 344
v Administering the Liberty profile manually on page 351
v Chapter 8, Extending the Liberty profile, on page 419
Liberty profile: Configuration elements in the server.xml file
The application server configuration is described in a series of elements in the
server.xml configuration file. Each element has one or more attributes or
sub-elements. This topic contains details of the possible elements, attributes, and
sub-elements that can be configured.
List of elements in the server.xml configuration file.
v activationSpec on page 101
v activedLdapFilterProperties on page 101
v administrator-role on page 102
v application on page 103
v application-bnd on page 104
v applicationMonitor on page 106
Copyright IBM Corp. 2011, 2013 97
v authCache on page 107
v authData on page 108
v authenticated on page 109
v authentication on page 110
v automaticLibraries on page 110
v baseEntry on page 110
v basicRegistry on page 111
v binaryLog on page 112
v binaryTrace on page 114
v bundleRepository on page 116
v channelfw on page 116
v classloader on page 117
v client on page 119
v clientManager on page 120
v config on page 121
v connectionManager on page 123
v contextService on page 125
v customLdapFilterProperties on page 126
v databaseStore on page 127
v dataSource on page 128
v disk on page 132
v domino50LdapFilterProperties on page 134
v edirectoryLdapFilterProperties on page 135
v ejbContainer on page 135
v executor on page 136
v featureManager on page 138
v federatedRepository on page 139
v fileset on page 141
v fileTransfer on page 142
v group on page 143
v groupDisplayNameMapping on page 143
v groupSecurityNameMapping on page 144
v hostAuthInfo on page 145
v httpClassification on page 147
v httpDispatcher on page 148
v httpEncoding on page 149
v httpEndpoint on page 158
v httpOptions on page 160
v httpSession on page 162
98 IBM WebSphere Application Server: V8.5.Next Beta
v httpSessionDatabase on page 167
v idsLdapFilterProperties on page 172
v include on page 173
v iplanetLdapFilterProperties on page 174
v jaasLoginContextEntry on page 175
v jaasLoginModule on page 176
v jdbcDriver on page 178
v jmsCommsEndpoint on page 178
v jmsCommsOutbound on page 180
v jmsConnectionFactory on page 181
v jmsQueue on page 181
v jmsQueueConnectionFactory on page 181
v jmsTopic on page 181
v jmsTopicConnectionFactory on page 181
v jndiEntry on page 181
v jpa on page 182
v jspEngine on page 183
v keyStore on page 185
v ldapRegistry on page 186
v library on page 192
v localStore on page 194
v logging on page 195
v ltpa on page 197
v managedExecutorService on page 198
v managedServer on page 199
v member on page 201
v messagingEngine on page 202
v messagingSecurity on page 207
v mimeTypes on page 208
v mongo on page 208
v mongoDB on page 212
v monitor on page 213
v nativeTransactionManager on page 213
v netscapeLdapFilterProperties on page 214
v oauthProvider on page 215
v oauthRoles on page 220
v permission on page 221
v pluginConfiguration on page 221
v properties on page 223
Chapter 7. Administering the Liberty profile 99
v properties.datadirect.sqlserver on page 223
v properties.db2.i.native on page 231
v properties.db2.i.toolbox on page 238
v properties.db2.jcc on page 250
v properties.derby.client on page 262
v properties.derby.embedded on page 265
v properties.informix on page 267
v properties.informix.jcc on page 275
v properties.jms.ActivationSpec on page 282
v properties.jms.ConnectionFactory on page 284
v properties.jms.Queue on page 286
v properties.jms.QueueConnectionFactory on page 288
v properties.jms.Topic on page 290
v properties.jms.TopicConnectionFactory on page 292
v properties.microsoft.sqlserver on page 294
v properties.oracle on page 298
v properties.sybase on page 300
v quickStartSecurity on page 302
v realm on page 302
v remoteAccess on page 305
v role on page 306
v safAuthorization on page 307
v safCredentials on page 308
v safRegistry on page 308
v safRoleMapper on page 309
v securewayLdapFilterProperties on page 309
v serverCommand on page 310
v ssl on page 311
v sslDefault on page 311
v sslOptions on page 312
v supportedEntityType on page 312
v syncToOSThread on page 313
v tcpOptions on page 313
v textLog on page 314
v transaction on page 316
v trustAssociation on page 319
v uniqueGroupIdMapping on page 321
v uniqueUserIdMapping on page 322
v user on page 323
100 IBM WebSphere Application Server: V8.5.Next Beta
v userDisplayNameMapping on page 323
v userSecurityNameMapping on page 323
v variable on page 324
v virtualHost on page 324
v webAppSecurity on page 325
v webContainer on page 329
v wimRegistry on page 336
v wlmClassification on page 337
v wsSecurityClient on page 337
v wsSecurityProvider on page 340
activationSpec
Defines a JMS Activation Specification configuration. PID is
com.ibm.ws.jca.activationSpec.
Attributes
id Description: The unique identifier that represents the activation spec.
Required: true
Data type: string
value
Description: Must be in the format of <ApplicationName/ModuleName/
ComponentName> for example id="JMSSample/JMSSample/
SampleMDB"
Required: true
Data type: string
activedLdapFilterProperties
Specifies the list of default Microsoft Active Directory LDAP filters. PID is
com.ibm.ws.security.registry.ldap.internal.filters.actived.
Chapter 7. Administering the Liberty profile 101
Attributes
userFilter
Description: An LDAP filter clause for searching the user registry for
users.
Default value: (&(sAMAccountName=%v)(objectcategory=user))
Required: true
Data type: string
groupFilter
Description: An LDAP filter clause for searching the user registry for
groups.
Default value: (&(cn=%v)(objectcategory=group))
Required: true
Data type: string
userIdMap
Description: An LDAP filter that maps the name of a user to an LDAP
entry.
Default value: user:sAMAccountName
Required: true
Data type: string
groupIdMap
Description: An LDAP filter that maps the name of a group to an LDAP
entry.
Default value: *:cn
Required: true
Data type: string
groupMemberIdMap
Description: An LDAP filter that identifies user to group memberships.
Default value: memberof:member
Required: true
Data type: string
administrator-role
A collection of users and/or groups assigned the server administrator role. PID is
com.ibm.ws.management.security.role.administrator.
102 IBM WebSphere Application Server: V8.5.Next Beta
Sub-elements
user
Description: User assigned a role.
Required: false
Data type: string
group
Description: Group assigned a role.
Required: false
Data type: string
application
Defines the properties of an application. PID is com.ibm.ws.app.manager.
Attributes
location
Description: Location of an application expressed as an absolute path or
a path relative to the server-level apps directory.
Required: true
Data type: string
name
Description: Name of an application.
Required: false
Data type: string
type
Description: Type of application archive.
Default value: ${location:type}
Required: false
Data type: string
context-root
Description: Context root of an application.
Required: false
Data type: string
autoStart
Description: Indicates whether or not the server should start the
application automatically when the server starts.
Default value: true
Required: false
Data type: boolean
Chapter 7. Administering the Liberty profile 103
application-bnd
Binds general deployment information included in the application to specific
resources. PID is com.ibm.ws.javaee.dd.appbnd, and it is the child of complex type
application.
Attributes
version
Description: Version of the application bindings specification.
Required: false
Data type: string
104 IBM WebSphere Application Server: V8.5.Next Beta
Sub-elements
security-role
Required: false
Data type: A role that is mapped to users and groups in a domain user
registry.
name
Description: Name of a security role.
Required: true
Data type: string
user
Required: false
Data type: A user possessing a security role.
name
Description: Name of a user possessing a security role.
Required: true
Data type: string
access-id
Description: A user access ID in the general form
user:realmName/userUniqueId. A value will be generated if one
is not specified.
Required: false
Data type: string
group
Required: false
Data type: A group possessing a security role.
name
Description: Name of a group possessing a security role.
Required: true
Data type: string
access-id
Description: Group access ID
Required: false
Data type: string
special-subject
Required: false
Data type: Name of a special-subject possessing a security role.
type
Description: One of the following special subject types:
ALL_AUTHENTICATED_USERS, EVERYONE.
Range:
EVERYONE
Chapter 7. Administering the Liberty profile 105
ALL_AUTHENTICATED_USERS
All authenticated users
Required: true
Data type: string
run-as
Required: false
Data type: ID and password of a user required to access a bean from
another bean.
userid
Description: ID of a user required to access a bean from another
bean.
Required: true
Data type: string
password
Description: Password of a user required to access a bean from
another bean. The value can be stored in clear text or encoded
form. To encode the password, use the securityUtility tool with
the encode option.
Required: false
Data type: password (string)
applicationMonitor
Defines how the server responds to application additions, updates, and deletions.
PID is com.ibm.ws.app.manager.monitor.
106 IBM WebSphere Application Server: V8.5.Next Beta
Attributes
pollingRate
Description: Rate at which the server checks for application additions,
updates, and deletions. Specify a positive integer followed by a unit of
time, which can be hours (h), minutes (m), seconds (s), or milliseconds
(ms). For example, specify 500 milliseconds as 500ms. You can include
multiple values in a single entry. For example, 1s500ms is equivalent to
1.5 seconds.
Default value: 500ms
Required: false
Data type: string
dropins
Description: Location of the application drop-in directory expressed as an
absolute path or a path relative to the server directory.
Default value: dropins
Required: false
Data type: string
dropinsEnabled
Description: Monitor the drop-in directory for application additions,
updates, and deletions.
Default value: true
Required: false
Data type: boolean
updateTrigger
Description: Application update method or trigger.
Default value: polled
Range:
polled Server will scan for application changes at the polling interval
and update any applications that have detectable changes.
mbean
Server will only update applications when prompted by an
MBean called by an external program such as an integrated
development environment or a management application.
disabled
Disables all update monitoring. Application changes will not be
applied while the server is running.
Required: false
Data type: string
authCache
Controls the operation of the authentication cache service. PID is
com.ibm.ws.security.authentication.cache.
Chapter 7. Administering the Liberty profile 107
Attributes
initialSize
Description: Initial number of entries supported by the authentication
cache.
Default value: 50
Required: false
Data type: int
maxSize
Description: Maximum number of entries supported by the
authentication cache.
Default value: 25000
Required: false
Data type: int
timeout
Description: Amount of time after which an entry in the cache will be
removed. Specify a positive integer followed by a unit of time, which can
be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example,
specify 500 milliseconds as 500ms. You can include multiple values in a
single entry. For example, 1s500ms is equivalent to 1.5 seconds.
Default value: 600s
Required: false
Data type: string
allowBasicAuthLookup
Description: Allow lookup by user ID and hashed password.
Default value: true
Required: false
Data type: boolean
authData
Authentication data for connecting to an Enterprise Information System (EIS). PID
is com.ibm.ws.security.jca.internal.authdata.config.
108 IBM WebSphere Application Server: V8.5.Next Beta
Attributes
user
Description: Name of the user to use when connecting to the EIS.
Required: true
Data type: string
password
Description: Password of the user to use when connecting to the EIS. The
value can be stored in clear text or encoded form. It is recommended that
you encode the password. To do so, use the securityUtility tool with the
encode option.
Required: true
Data type: password (string)
authenticated
Security role for authorization code and token requests. PID is
com.ibm.ws.security.oauth20.authenticated.role.
Sub-elements
user
Description: User who has the security role.
Required: false
Data type: string
group
Description: Group that has the security role.
Required: false
Data type: string
specialSubject
Description: specialsubject.desc
Range:
ALL_AUTHENTICATED_USERS
All authenticated users.
EVERYONE
All users for every request, even if the request was not
authenticated.
Required: false
Data type: string
Chapter 7. Administering the Liberty profile 109
authentication
Controls the built-in authentication service configuration. PID is
com.ibm.ws.security.authentication.
Attributes
cacheEnabled
Description: Enables the authentication cache.
Default value: true
Required: true
Data type: boolean
allowHashtableLoginWithIdOnly
Description: Allow an application to login with just an identity in the
hashtable properties. Use this option only when you have applications
that require this and have other means to validate the identity.
Default value: false
Required: false
Data type: boolean
automaticLibraries
Configure automatic libraries. PID is
com.ibm.ws.classloading.sharedlibrary.automatic.
Attributes
monitorEnabled
Description: Monitor the automatic library folder for new or deleted
libraries
Default value: true
Required: false
Data type: boolean
baseEntry
baseEntry.desc. PID is com.ibm.ws.wim.core.baseEntry.
110 IBM WebSphere Application Server: V8.5.Next Beta
Attributes
name
Description: The name of a base entry.
Required: true
Data type: string
baseDN
Description: Base distinguished name (DN) in the repository.
Required: false
Data type: string
basicRegistry
A simple XML-based user registry. PID is com.ibm.ws.security.registry.basic.config.
Attributes
realm
Description: The realm name represents the user registry.
Default value: BasicRegistry
Required: true
Data type: string
Chapter 7. Administering the Liberty profile 111
Sub-elements
user
Required: false
Data type: A user in a Basic User Registry.
name
Description: Name of a user in a Basic User Registry.
Required: true
Data type: string
password
Description: Password of a user in a Basic User Registry. The value
can be stored in clear text or encoded form. It is recommended that
you encode the password. To do so, use the securityUtility tool with
the encode option.
Required: true
Data type: password (string)
group
Required: false
Data type: A group in a Basic User Registry.
name
Description: Name of a group in a Basic User Registry.
Required: true
Data type: string
member
Required: false
Data type: A member of a Basic User Registry group.
name
Description: Name of a user in a Basic User Registry group.
Required: true
Data type: string
binaryLog
Use this page to configure High Performance Extensible Logging (HPEL) log
options. The HPEL log can be viewed using the logViewer command (in the profile
bin directory). PID is com.ibm.ws.logging.binaryLog, and it is the child of complex
type logging.
112 IBM WebSphere Application Server: V8.5.Next Beta
Attributes
dataDirectory
Description: Specifies the location on the local file system to store the log
records.
Inherits: com.ibm.hpel.log.dataDirectory
Default value:
Required: false
Data type: string
purgeMaxSize
Description: Specifies the maximum size for all log files.
Inherits: com.ibm.hpel.log.purgeMaxSize
Default value: 50
Required: false
Data type: int
purgeMinTime
Description: Specifies the duration after which a server can remove a log
record.
Inherits: com.ibm.hpel.log.purgeMinTime
Default value: -1
Required: false
Data type: int
fileSwitchTime
Description: Specifies whether, in addition to regular switching of the
current file, to also start the new file at the defined time of day.
Inherits: com.ibm.hpel.log.fileSwitchTime
Required: false
Data type: int
bufferingEnabled
Description: Specifies whether to allow a small delay in saving records to
the disk for improved performance.
Inherits: com.ibm.hpel.log.bufferingEnabled
Default value: true
Required: false
Data type: boolean
outOfSpaceAction
Description: Specifies the action to perform when the file system where
records are kept runs out of free space.
Inherits: com.ibm.hpel.log.outOfSpaceAction
Default value: StopLogging
Range:
Chapter 7. Administering the Liberty profile 113
StopServer
Stop Server
PurgeOld
Remove old records
StopLogging
Stop Logging
Required: false
Data type: string
binaryTrace
Use this page to configure High Performance Extensible Logging (HPEL) trace
options. The HPEL trace can be viewed using the logViewer command (in the
profile bin directory). PID is com.ibm.ws.logging.binaryTrace, and it is the child of
complex type logging.
114 IBM WebSphere Application Server: V8.5.Next Beta
Attributes
dataDirectory
Description: Specifies the directory to store binary trace files. This
location is also used for dumping records stored in the HPEL memory
buffer.
Inherits: com.ibm.hpel.trace.dataDirectory
Default value:
Required: false
Data type: string
memoryBufferSize
Description: Specifies the maximum size of in memory buffer in
megabytes (MB).
Inherits: com.ibm.hpel.trace.memoryBufferSize
Required: false
Data type: int
purgeMaxSize
Description: Specifies the maximum size for all trace files.
Inherits: com.ibm.hpel.trace.purgeMaxSize
Default value: 50
Required: false
Data type: int
purgeMinTime
Description: Specifies the duration after which a server can remove a log
record.
Inherits: com.ibm.hpel.trace.purgeMinTime
Default value: -1
Required: false
Data type: int
fileSwitchTime
Description: Specifies whether, in addition to regular switching of the
current file, to also start the new file at the defined time of day.
Inherits: com.ibm.hpel.trace.fileSwitchTime
Required: false
Data type: int
bufferingEnabled
Description: Specifies whether to allow a small delay in saving records to
the disk for improved performance.
Inherits: com.ibm.hpel.trace.bufferingEnabled
Default value: true
Required: false
Chapter 7. Administering the Liberty profile 115
Data type: boolean
outOfSpaceAction
Description: Specifies the action to perform when the file system where
records are kept runs out of free space.
Inherits: com.ibm.hpel.trace.outOfSpaceAction
Default value: StopLogging
Range:
StopServer
Stop Server
PurgeOld
Remove old records
StopLogging
Stop Logging
Required: false
Data type: string
bundleRepository
EBA bundle repository service. PID is com.ibm.ws.eba.bundle.repository.
Attributes
filesetRef
Description: Space separated list of fileset references
Required: false
Data type: List of configuration IDs of type fileset (comma-separated
string).
Sub-elements
fileset
Description: Space separated list of fileset references
Required: false
Data type: Element of type fileset.
channelfw
Defines channel and chain management settings. PID is com.ibm.ws.channelfw.
116 IBM WebSphere Application Server: V8.5.Next Beta
Attributes
chainStartRetryInterval
Description: Time interval between start retries. Specify a positive integer
followed by a unit of time, which can be hours (h), minutes (m), seconds
(s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms.
You can include multiple values in a single entry. For example, 1s500ms is
equivalent to 1.5 seconds.
Default value: 5s
Required: false
Data type: string
chainStartRetryAttempts
Description: Number of retry attempts to make per chain.
Default value: 60
Required: false
Data type: int
chainQuiesceTimeout
Description: Default amount of time to wait while quiescing chains.
Specify a positive integer followed by a unit of time, which can be hours
(h), minutes (m), seconds (s), or milliseconds (ms). For example, specify
500 milliseconds as 500ms. You can include multiple values in a single
entry. For example, 1s500ms is equivalent to 1.5 seconds.
Default value: 30s
Required: false
Data type: string
warningWaitTime
Description: Amount of time to wait before notifying of a missing factory
configuration. Specify a positive integer followed by a unit of time, which
can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For
example, specify 500 milliseconds as 500ms. You can include multiple
values in a single entry. For example, 1s500ms is equivalent to 1.5
seconds.
Default value: 10s
Required: false
Data type: string
classloader
Classloader Service. PID is com.ibm.ws.classloading.classloader, and it is the child
of complex type application.
Chapter 7. Administering the Liberty profile 117
Attributes
delegation
Description: Controls whether parent classloader is used before or after
this classloader.
Default value: parentFirst
Range:
parentFirst
Parent first
parentLast
Parent last
Required: false
Data type: string
privateLibraryRef
Description: List of library references. Library class instances are unique
to this classloader, independent of class instances from other classloaders.
Required: false
Data type: List of configuration IDs of type library (comma-separated
string).
commonLibraryRef
Description: List of library references. Library class instances are shared
with other classloaders.
Required: false
Data type: List of configuration IDs of type library (comma-separated
string).
apiTypeVisibility
Description: The types of API package this class loader will be able to
see, as a comma-separated list of any combination of the following: spec,
ibm-api, api, third-party.
Default value: spec,ibm-api,api
Required: false
Data type: string
118 IBM WebSphere Application Server: V8.5.Next Beta
Sub-elements
privateLibrary
Description: List of library references. Library class instances are unique
to this classloader, independent of class instances from other classloaders.
Required: false
Data type: Element of type library.
commonLibrary
Description: List of library references. Library class instances are shared
with other classloaders.
Required: false
Data type: Element of type library.
client
OAuth client definition. Only clients defined here can access the provider. PID is
com.ibm.ws.security.oauth20.client.
Chapter 7. Administering the Liberty profile 119
Attributes
name
Description: Name of the client (sometimes referred to as the Id).
Required: false
Data type: string
secret
Description: Secret key of the client.
Required: false
Data type: password (string)
displayname
Description: Display name of the client.
Required: false
Data type: string
redirect
Description: URL to redirect the client's requests to.
Required: false
Data type: string
enabled
Description: Client is enabled if true, disabled if false.
Default value: true
Required: false
Data type: boolean
clientManager
Security role for client management requests. PID is
com.ibm.ws.security.oauth20.clientmanager.role.
120 IBM WebSphere Application Server: V8.5.Next Beta
Sub-elements
user
Description: User who has the security role.
Required: false
Data type: string
group
Description: Group that has the security role.
Required: false
Data type: string
specialSubject
Description: Special subject that has the security role.
Range:
ALL_AUTHENTICATED_USERS
All authenticated users.
EVERYONE
All users for every request, even if the request was not
authenticated.
Required: false
Data type: string
config
Defines how the server processes configuration information. PID is
com.ibm.ws.config.
Chapter 7. Administering the Liberty profile 121
Attributes
onError
Description: Action to take after incurring a configuration error.
Inherits: onError
Default value: WARN
Range:
WARN
Server will issue warning and error messages when it incurs a
configuration error.
FAIL Server will issue a warning or error message on the first error
occurrence and then stop the server.
IGNORE
Server will not issue any warning and error messages when it
incurs a configuration error.
Required: true
Data type: string
monitorInterval
Description: Rate at which the server checks for configuration updates.
Specify a positive integer followed by a unit of time, which can be hours
(h), minutes (m), seconds (s), or milliseconds (ms). For example, specify
500 milliseconds as 500ms. You can include multiple values in a single
entry. For example, 1s500ms is equivalent to 1.5 seconds.
Default value: 500ms
Required: false
Data type: string
updateTrigger
Description: Configuration update method or trigger.
Default value: polled
Range:
polled Server will scan for changes at the polling interval on all the
configuration files and update the runtime configuration with the
changes detected.
mbean
Server will only update the configuration when prompted by an
MBean called by an external program such as an integrated
development environment or a management application.
disabled
Disables all update monitoring. Configuration changes will not be
applied while the server is running.
Required: false
Data type: string
122 IBM WebSphere Application Server: V8.5.Next Beta
connectionManager
Connection Manager configuration. PID is com.ibm.ws.jca.connectionManager.
Chapter 7. Administering the Liberty profile 123
Attributes
agedTimeout
Description: Amount of time before a physical connection can be
discarded by pool maintenance. A value of -1 disables this timeout.
Specify a positive integer followed by a unit of time, which can be hours
(h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s.
You can include multiple values in a single entry. For example, 1m30s is
equivalent to 90 seconds.
Default value: -1
Required: false
Data type: string
connectionTimeout
Description: Amount of time after which a connection request times out.
A value of -1 disables this timeout. Specify a positive integer followed by
a unit of time, which can be hours (h), minutes (m), or seconds (s). For
example, specify 30 seconds as 30s. You can include multiple values in a
single entry. For example, 1m30s is equivalent to 90 seconds.
Default value: 30s
Required: false
Data type: string
maxIdleTime
Description: Amount of time after which an unused or idle connection
can be discarded during pool maintenance, if doing so does not reduce
the pool below the minimum size. A value of -1 disables this timeout.
Specify a positive integer followed by a unit of time, which can be hours
(h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s.
You can include multiple values in a single entry. For example, 1m30s is
equivalent to 90 seconds.
Default value: 30m
Required: false
Data type: string
maxPoolSize
Description: Maximum number of physical connections for a pool. A
value of 0 means unlimited.
Default value: 50
Required: false
Data type: int
minPoolSize
Description: Minimum number of physical connections to maintain in the
pool. The pool is not pre-populated. Aged timeout can override the
minimum.
Required: false
Data type: int
purgePolicy
124 IBM WebSphere Application Server: V8.5.Next Beta
Description: Specifies which connections to destroy when a stale
connection is detected in a pool.
Default value: EntirePool
Range:
EntirePool
When a stale connection is detected, all connections in the pool
are marked stale, and when no longer in use, are closed.
FailingConnectionOnly
When a stale connection is detected, only the connection which
was found to be bad is closed.
ValidateAllConnections
When a stale connection is detected, connections are tested and
those found to be bad are closed.
Required: false
Data type: string
reapTime
Description: Amount of time between runs of the pool maintenance
thread. A value of -1 disables pool maintenance. Specify a positive integer
followed by a unit of time, which can be hours (h), minutes (m), or
seconds (s). For example, specify 30 seconds as 30s. You can include
multiple values in a single entry. For example, 1m30s is equivalent to 90
seconds.
Default value: 3m
Required: false
Data type: string
maxConnectionsPerThread
Description: Limits the number of open connections on each thread.
Required: false
Data type: int
numConnectionsPerThreadLocal
Description: Caches the specified number of connections for each thread.
Required: false
Data type: int
contextService
Configures how context is propagated to threads. PID is
com.ibm.ws.context.service.
Chapter 7. Administering the Liberty profile 125
Attributes
onError
Description: Determines the action to take in response to configuration
errors. For example, if securityContext is configured for this
contextService, but the security feature is not enabled, then onError
determines whether to fail, raise a warning, or ignore the parts of the
configuration which are incorrect.
Inherits: onError
Default value: WARN
Range:
FAIL Fail when incorrect configuration is encountered.
IGNORE
Ignore incorrect configuration.
WARN
onError.WARN
Required: true
Data type: string
baseContextRef
Description: Specifies a base context service from which to inherit context
that is not already defined on this context service.
Required: false
Data type: Configuration ID of type contextService (string).
Sub-elements
baseContext
Description: Specifies a base context service from which to inherit context
that is not already defined on this context service.
Required: false
Data type: Element of type contextService.
customLdapFilterProperties
Specifies the list of default Custom LDAP filters. PID is
com.ibm.ws.security.registry.ldap.internal.filters.custom.
126 IBM WebSphere Application Server: V8.5.Next Beta
Attributes
userFilter
Description: An LDAP filter clause for searching the user registry for
users.
Default value: (&(uid=%v)(objectclass=ePerson))
Required: true
Data type: string
groupFilter
Description: An LDAP filter clause for searching the user registry for
groups.
Default value:
(&(cn=%v)(|(objectclass=groupOfNames)
(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))
Required: true
Data type: string
userIdMap
Description: An LDAP filter that maps the name of a user to an LDAP
entry.
Default value: *:uid
Required: true
Data type: string
groupIdMap
Description: An LDAP filter that maps the name of a group to an LDAP
entry.
Default value: *:cn
Required: true
Data type: string
groupMemberIdMap
Description: An LDAP filter that identifies user to group memberships.
Default value:
ibm-allGroups:member;ibm-allGroups:uniqueMember;
groupOfNames:member;groupOfUniqueNames:uniqueMember
Required: true
Data type: string
databaseStore
Clients are defined and tokens are cached in the database. PID is
com.ibm.ws.security.oauth20.database.store.
Chapter 7. Administering the Liberty profile 127
Attributes
dataSourceRef
Description: Reference to the data source for the store.
Required: false
Data type: Configuration ID of type dataSource (string).
cleanupExpiredTokenInterval
Description: Expired token cleanup interval (seconds). The equivalent
provider parameter in the full application server profile is
oauthjdbc.CleanupInterval. Specify a positive integer followed by a unit
of time, which can be hours (h), minutes (m), or seconds (s). For example,
specify 30 seconds as 30s. You can include multiple values in a single
entry. For example, 1m30s is equivalent to 90 seconds.
Default value: 3600
Required: false
Data type: string
user
Description: Database store user
Required: false
Data type: string
password
Description: Password used to access the database.
Required: false
Data type: password (string)
Sub-elements
dataSource
Description: Reference to the data source for the store.
Required: false
Data type: Element of type dataSource.
dataSource
Defines a data source configuration. PID is com.ibm.ws.jdbc.dataSource.
128 IBM WebSphere Application Server: V8.5.Next Beta
Attributes
jndiName
Description: JNDI name for a data source.
Required: true
Data type: string
jdbcDriverRef
Description: JDBC driver for a data source.
Required: false
Data type: Configuration ID of type jdbcDriver (string).
connectionManagerRef
Description: Connection manager for a data source.
Required: false
Data type: Configuration ID of type connectionManager (string).
type
Description: Type of data source.
Range:
javax.sql.XADataSource
javax.sql.ConnectionPoolDataSource
javax.sql.DataSource
Required: false
Data type: string
connectionSharing
Description: Specifies how connections are matched for sharing.
Default value: MatchOriginalRequest
Range:
MatchOriginalRequest
When sharing connections, match based on the original
connection request.
MatchCurrentState
When sharing connections, match based on the current state of
the connection.
Required: false
Data type: string
isolationLevel
Description: Default transaction isolation level.
Range:
TRANSACTION_READ_UNCOMMITTED
Dirty reads, non-repeatable reads and phantom reads can occur.
TRANSACTION_READ_COMMITTED
Dirty reads are prevented; non-repeatable reads and phantom
Chapter 7. Administering the Liberty profile 129
reads can occur.
TRANSACTION_REPEATABLE_READ
Dirty reads and non-repeatable reads are prevented; phantom
reads can occur.
TRANSACTION_SERIALIZABLE
Dirty reads, non-repeatable reads and phantom reads are
prevented.
TRANSACTION_SNAPSHOT
Snapshot isolation for Microsoft SQL Server JDBC Driver and
DataDirect Connect for JDBC driver.
Required: false
Data type: string
statementCacheSize
Description: Maximum number of cached statements per connection.
Default value: 10
Required: false
Data type: int
transactional
Description: Enable participation in transactions that are managed by the
application server.
Default value: true
Required: false
Data type: boolean
beginTranForResultSetScrollingAPIs
Description: Attempt transaction enlistment when result set scrolling
interfaces are used.
Default value: true
Required: false
Data type: boolean
beginTranForVendorAPIs
Description: Attempt transaction enlistment when vendor interfaces are
used.
Default value: true
Required: false
Data type: boolean
commitOrRollbackOnCleanup
Description: Determines how to clean up connections that might be in a
database unit of work (AutoCommit=false) when the connection is closed
or returned to the pool.
Range:
commit
Clean up the connection by committing.
rollback
130 IBM WebSphere Application Server: V8.5.Next Beta
Clean up the connection by rolling back.
Required: false
Data type: string
queryTimeout
Description: Default query timeout for SQL statements. In a JTA
transaction, syncQueryTimeoutWithTransactionTimeout can override this
default. Specify a positive integer followed by a unit of time, which can
be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds
as 30s. You can include multiple values in a single entry. For example,
1m30s is equivalent to 90 seconds.
Required: false
Data type: string
recoveryAuthDataRef
Description: Authentication data for transaction recovery.
Required: false
Data type: Configuration ID of type authData (string).
syncQueryTimeoutWithTransactionTimeout
Description: Use the time remaining (if any) in a JTA transaction as the
default query timeout for SQL statements.
Default value: false
Required: false
Data type: boolean
supplementalJDBCTrace
Description: Supplements the JDBC driver trace that is logged when
JDBC driver trace is enabled in bootstrap.properties. JDBC driver trace
specifications include: com.ibm.ws.database.logwriter,
com.ibm.ws.db2.logwriter, com.ibm.ws.derby.logwriter,
com.ibm.ws.informix.logwriter, com.ibm.ws.oracle.logwriter,
com.ibm.ws.sqlserver.logwriter, com.ibm.ws.sybase.logwriter.
Required: false
Data type: boolean
Chapter 7. Administering the Liberty profile 131
Sub-elements
jdbcDriver
Description: JDBC driver for a data source.
Required: false
Data type: Element of type jdbcDriver.
connectionManager
Description: Connection manager for a data source.
Required: false
Data type: Element of type connectionManager.
recoveryAuthData
Description: Authentication data for transaction recovery.
Required: false
Data type: Element of type authData.
disk
Enable disk offload to specify that when the cache is full, cache entries are
removed from the cache and saved to disk. The location is a fully-qualified
directory location that is used by the disk offload function. The Flush to Disk on
Stop option specifies that when the server stops, the contents of the memory cache
are moved to disk. PID is com.ibm.ws.cache.disk, and it is the child of complex
type null.
132 IBM WebSphere Application Server: V8.5.Next Beta
Attributes
sizeInEntries
Description: Specifies a value for the maximum disk cache size, in
number of entries.
Default value: 100000
Required: false
Data type: int
sizeInGB
Description: Specifies a value for the maximum disk cache size, in
gigabytes (GB).
Default value: 3
Required: false
Data type: int
evictionPolicy
Description: Specifies the eviction algorithm and thresholds that the disk
cache uses to evict entries.
Default value: RANDOM
Range:
RANDOM
SIZE
Required: false
Data type: string
highThreshold
Description: Specifies when the eviction policy starts.
Default value: 80
Required: false
Data type: int
lowThreshold
Description: Specifies when the eviction policy ends.
Default value: 70
Required: false
Data type: int
location
Description: Specifies a directory to use for disk offload.
Required: false
Data type: string
flushToDiskOnStopEnabled
Description: Set this value to true to have objects that are cached in
memory saved to disk when the server stops. This value is ignored if
Enable disk offload is set to false.
Chapter 7. Administering the Liberty profile 133
Default value: false
Required: false
Data type: boolean
domino50LdapFilterProperties
Specifies the list of default IBM Lotus
Domino
(Native)
<dataSource id="db2iNative" jndiName="jdbc/db2iNative">
<jdbcDriver libraryRef="DB2iNativeLib"/>
<properties.db2.i.native databaseName="*LOCAL"/>
</dataSource>
<library id="DB2iNativeLib">
<fileset dir="/QIBM/Proddata/java400/jdk6/lib/ext" includes="db2_classes16.jar"/>
</library>
For DB2 on iSeries (Toolbox)
<dataSource id="db2iToolbox" jndiName="jdbc/db2iToolbox">
<jdbcDriver libraryRef="DB2iToolboxLib"/>
<properties.db2.i.toolbox databaseName="SAMPLEDB" serverName="localhost"/>
</dataSource>
<library id="DB2iToolboxLib">
<fileset dir="/QIBM/ProdData/Http/Public/jt400/lib" includes="jt400.jar"/>
</library>
For Derby Embedded
<dataSource id="derbyEmbedded" jndiName="jdbc/derbyEmbedded">
<jdbcDriver libraryRef="DerbyLib"/>
<properties.derby.embedded databaseName="C:/databases/SAMPLEDB" createDatabase="create"/>
</dataSource>
<library id="DerbyLib">
<fileset dir="C:/db-derby-10.8.1.2-bin/lib"/>
</library>
For Derby Network Client
<dataSource id="derbyClient" jndiName="jdbc/derbyClient">
<jdbcDriver libraryRef="DerbyLib"/>
<properties.derby.client databaseName="C:/databases/SAMPLEDB" createDatabase="create"
serverName="localhost" portNumber="1527"/>
</dataSource>
<library id="DerbyLib">
<fileset dir="C:/db-derby-10.8.1.2-bin/lib"/>
</library>
For Informix JCC
<dataSource id="informixjcc" jndiName="jdbc/informixjcc">
<jdbcDriver libraryRef="DB2JCC4Lib"/>
<properties.informix.jcc databaseName="SAMPLEDB" serverName="localhost" portNumber="1526"/>
</dataSource>
<library id="DB2JCC4Lib">
<fileset dir="C:/Drivers/jcc/4.8" includes="db2jcc4.jar db2jcc_license_cisuz.jar"/>
</library>
For Informix JDBC
<dataSource id="informix" jndiName="jdbc/informix">
<jdbcDriver libraryRef="InformixLib"/>
<properties.informix databaseName="SAMPLEDB" ifxIFXHOST="localhost"
serverName="ol_machinename" portNumber="1526"/>
</dataSource>
<library id="InformixLib">
<fileset dir="C:/Drivers/informix" includes="ifxjdbc.jar ifxjdbcx.jar"/>
</library>
For Microsoft SQL Server (Microsoft JDBC driver)
<dataSource id="mssqlserver" jndiName="jdbc/mssqlserver">
<jdbcDriver libraryRef="MSJDBCLib"/>
<properties.microsoft.sqlserver databaseName="SAMPLEDB"
serverName="localhost" portNumber="1433"/>
</dataSource>
<library id="MSJDBCLib">
<fileset dir="C:/sqljdbc_4.0/enu" includes="sqljdbc4.jar"/>
</library>
For Microsoft SQL Server (DataDirect Connect for JDBC driver)
<dataSource id="ddsqlserver" jndiName="jdbc/ddsqlserver">
<jdbcDriver libraryRef="DataDirectLib"/>
<properties.datadirect.sqlserver databaseName="SAMPLEDB"
Chapter 7. Administering the Liberty profile 409
serverName="localhost" portNumber="1433"/>
</dataSource>
<library id="DataDirectLib">
<fileset dir="C:/DataDirect/Connect-4.2/lib" includes="sqlserver.jar"/>
</library>
For MySQL
<dataSource id="mySQL" jndiName="jdbc/mySQL">
<jdbcDriver libraryRef="MySQLLib"/>
<properties databaseName="SAMPLEDB" serverName="localhost" portNumber="3306"/>
</dataSource>
<library id="MySQLLib">
<fileset dir="C:/mysql-connector-java-x.x.xx"
includes="mysql-connector-java-x.x.xx.jar"/>
</library>
For Oracle
<dataSource id="oracle" jndiName="jdbc/oracle">
<jdbcDriver libraryRef="OracleLib"/>
<properties.oracle URL="jdbc:oracle:thin:@//localhost:1521/SAMPLEDB"/>
</dataSource>
<library id="OracleLib">
<fileset dir="C:/Oracle/lib" includes="ojdbc6.jar"/>
</library>
For Sybase
<dataSource id="sybase" jndiName="jdbc/sybase">
<jdbcDriver libraryRef="SybaseLib"/>
<properties.sybase databaseName="SAMPLEDB" serverName="localhost" portNumber="5000"/>
</dataSource>
<library id="SybaseLib">
<fileset dir="C:/Drivers/sybase" includes="jconn4.jar"/>
</library>
For solidDB
or
), these symbols indicate U.S. registered or common law trademarks owned
by IBM at the time this information was published. Such trademarks may also be
registered or common law trademarks in other countries. A current list of IBM
trademarks is available on the web at Copyright and trademark information
(www.ibm.com/legal/copytrade.shtml).
Java and all Java-based trademarks and logos are trademarks or registered
trademarks of Oracle and/or its affiliates.
Linux is a registered trademark of Linus Torvalds in the United States, other
countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of
Microsoft Corporation in the United States, other countries, or both.
This product includes software developed by the Eclipse Project
(http://www.eclipse.org/).
Notices 577
578 IBM WebSphere Application Server: V8.5.Next Beta
Sending your comments to IBM
If you especially like or dislike anything about this book, please use one of the
methods listed below to send your comments to IBM.
Feel free to comment on what you regard as specific errors or omissions, and on
the accuracy, organization, subject matter, or completeness of this book.
Please limit your comments to the information in this book and the way in which
the information is presented.
To make comments about the functions of IBM products or systems, talk to your
IBM representative or to your IBM authorized remarketer.
When you send comments to IBM, you grant IBM a nonexclusive right to use or
distribute your comments in any way it believes appropriate, without incurring
any obligation to you.
You can send your comments to IBM in any of the following ways:
v By mail, to this address:
User Technologies Department (MP095)
IBM United Kingdom Laboratories
Hursley Park
WINCHESTER,
Hampshire
SO21 2JN
United Kingdom
v By fax:
From outside the U.K., after your international access code use 44-1962-816151
From within the U.K., use 01962-816151
v Electronically, use the appropriate network ID:
IBM Mail Exchange: GBIBM2Q9 at IBMMAIL
IBMLink: HURSLEY(IDRCF)
Internet: idrcf@hursley.ibm.com
Whichever method you use, ensure that you include:
v The publication title and order number
v The topic to which your comment applies
v Your name and address/telephone number/fax number/network ID.
Copyright IBM Corp. 2011, 2013 579
580 IBM WebSphere Application Server: V8.5.Next Beta