Thoughts and Tutorials about Continuous Integration, Application Integration, SOA, IT Architecture, WebSphere and Liferay

Nov 26, 2008

Enable g-zip for IBM HTTP Server

In order to deflate the content served form a IBM HTTP Server (IHS) it is possible to enable the g-zip-option in httpd.conf to compress the traffic between a client and a IHS.

To enable g-zip add this lines at the bottom of httpd.conf:


# compress everything but images
LoadModule deflate_module modules/mod_deflate.so
DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio
# log some info
#LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
#CustomLog logs/deflate_log deflate
# Insert filter
SetOutputFilter DEFLATE
# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Don't compress images
SetEnvIfNoCase Request_URI \
\.(?:gifjpe?gpngexe)$ no-gzip dont-vary

Link to sample httpd.conf

To enable mime-types exiplict look at this sample file

Link to sample httpd.conf (Version 2)

Links:

http://www.redbooks.ibm.com/abstracts/TIPS0288.html?Open

Nov 19, 2008

Form Login for WebSphere Application Server 6.1

To enable a form based login (instead of a Basic Authentification) edit the web.xml of the application and add a login configuration:

<login-config id="LoginConfig_1"><auth-method>FORM</auth-method><realm-name>Example Form-Based Authentication Area</realm-name><form-login-config id="FormLoginConfig_1"><form-login-page>/login.jsp</form-login-page><form-error-page>/error.jsp</form-error-page></form-login-config></login-config>
The login.jsp contains the login form (ibm example):
<!DOCTYPE HTML PUBLIC "-//W3C/DTD HTML 4.0 Transitional//EN"><html><META HTTP-EQUIV = "Pragma" CONTENT="no-cache"><title> Security FVT Login Page </title><body><h2>Form Login</h2><FORM METHOD=POST ACTION="j_security_check"><p><font size="2"> <strong> Enter user ID and password: </strong></font><BR><strong> User ID</strong> <input type="text" size="20" name="j_username"><strong> Password </strong> <input type="password" size="20" name="j_password"><BR><BR><font size="2"> <strong> And then click this button: </strong></font><input type="submit" name="login" value="Login"></p>
</form></body></html>
the error.jsp contains an error message (ibm example):

<!DOCTYPE HTML PUBLIC "-//W3C/DTD HTML 4.0 Transitional//EN"><html><head><title>A Form login authentication failure occurred</head></title><body><h1><b>A Form login authentication failure occurred</h1></b><p>Authentication may fail for one of many reasons. Some possibilities include:<ol><li>The user-id or password may be entered incorrectly; either misspelled or thewrong case was used.<li>The user-id or password does not exist, has expired, or has been disabled.</ol></p></body></html>
So whats going on (example):
1. User is trying to access http://example.com/app/index.html
2. User get redirected to http://example.com/app/login.jsp
2.1 WAS creates a cookie called WASReqURL which contains the whished path (Value: http[s]://[:Port]/app/index.jsp)
3. User types in user-id and passwort and submits the login credentials
3.1 WAS reads the WASReqURL-Cookie and redirects the the requested path (http://example.com/app/index.html).
3.2 If the credentials are wrong WAS redirects the user to http://example.com/app/error.jsp
It is possible to edit the WASReqURL-Cookie to change the redirect path after a successful login.
Steps:
1. Read cookie Value:
  1. String url ="";
  2. String text = "";
  3. String newurl = "";
  4. //Get all cookies
  5. Cookie[] cookies = request.getCookies();
    for (int index=0; index <= cookies.length; index++) {
  6. String cookieName = cookies[index].getName();
  7. if ("WASReqURL".equals(cookieName)) {
  8. //If WASReqURL-Cookie is found, get the value and cancel for-loop urlwithoutlogging = cookies[index].getValue();
  9. break;
  10. }
  11. }
2. Set a new WASReqURL-Cookie
  1. Cookie wasrequrlcookie = new Cookie("WASReqURL",newurl));
  2. response.addCookie(wasrequrlcookie);

Links:

Nov 11, 2008

Enable SSL (HTTPs) for IBM HTTP Server

To enable SSL on a IBM HTTP Server (Client -> IHS), you need to generate a proper certificate first.

Steps to generate self-signed-certificate for https traffic:

1. Open /<ihs-root>/bin/ikeyman

2. Select CMS as type and specify a file name and a location for the certificate file

3. When prompted for a password type in your desired password.

4. Click Create > New Self-Signed Certificate in iKeyman. Type in your desired values.


5. Exit iKeymen.

6. Verify that all needed files (3-4 files) are generated in your certificate location.

After generating a self-signed-certificate the IHS needs to be configured to use SSL.

1. Open /<ihs-root>/conf/httpd.conf

2. Add following line to load the SSL module. Add these line add the end of the Load Modules section.

LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

3. Add a virtual host to enable SSL.

Link to example file

4. Save and restart the HTTPs Server (/<ihs-root>/bin/apachectl)

Troubleshooting 1:

If SSL isnt working check the Virtual Host defined in your WebSphere Server.

1. In Administrative Console go to Virtual > default host > Host Aliases and check if port 433 is defined.

To setup SSL between IHS and a WebSphere-Server see:

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_httpserv.html

Troubleshooting 2:

Perhaps you need to update the default plugin key files.

1. In Administrative Console go to WebServer > <webserver-name> > Plugin properties

2. Click "Copy to Web server key store directory" to override the old default certificates.

3. Restart the IHS and try again