Thoughts and Tutorials about Continuous Integration, Application Integration, SOA, IT Architecture, WebSphere and Liferay

Apr 23, 2008

How to create an WebService-Gateway in WebSphere Application Server 6.1

In this post i try to explain how to implement an Webservice Gateway in WebSphere Application Server 6.1.
To created and manage Webservice Gateways over administrativ console the Websphere Network Deployment Licence is needed.
The following picture shows how an Webservice Enviroment should look like in the end.

Note: JAX-RPC-Handlers and Mediations will be configured in another post (see above)

1. Installation of SDO Repository
1.1 Ensure that Server/Node is started
1.2 Locate installSdoRepository.jacl (probably in bin-directory)
1.3 Change to bin-directory of profile and execute
wsadmin -f "location of installSdoRepository.jacl" -createDb
to create the SDO-Repository (storage for WSDL-Definitions,..)
1.4 Locate sibwsInstall.jacl(probably in util-directory)
1.5 Execute
wsadmin -f "Location of sibwsInstall.jacl" INSTALL_RA -nodeName "Name of Node" -installRoot "Location of System"
to install the Resource Adapter (used to invoke Web services)
1.6 Execute
wsadmin -f "Location of sibwsInstall.jacl" INSTALL -nodeName "Name of Node" -installRoot "Location of System"
to install the SIBWS-Application (SIBWS= Service Integration Bus Web Services)
1.7 Execute
wsadmin -f "Location of sibwsInstall.jacl" INSTALL_HTTP -nodeName "Name of Node" -installRoot "Location of System"
to install the HTTP-Channel-Applications (needed for accessing an Web Service)

What we created:
We installed all necessary application (components) for creating a WebService Gateway.
In the next Steps we will associate these applications with Endpoint Listeners.

2. Create and configure SIB
2.1 In administrative console go to Integration > Buses
2.2 Create an new Bus
2.3 Add an Server/Cluster as an Bus Member to newly created Bus (Bus > Bus Member > Add)
2.4 Create End Point Listener
2.4.1 In admin console go to Servers > Application Servers > "Server which was added as Bus Member" > Additional Properties > Endpoint Listener
2.4.2 Click "New" to create Endpoint Listener
Name: SOAPHTTPChannel1
Binding: SOAP over HTTP
URL-ROOT: "URL of Bus Member Server"/wsgwsoaphttp1
WSDL servering URL: "URL of Bus Member Server"/wsgwsoaphttp1/wsdl

2.5 Connect End point listener to SIB
2.5.1 Go to newly created End point listener > Connection Properties > New
2.5.2 Select newly created Bus
2.6 Restart server(s) to start message engine
2.6.1 Perhaps an authenticate error occurs. In this case you need to create a J2C Authentication data entry an associate it to the message engine (Panel: Integration > Buses > "Bus name" > Security for bus "bus name" > Inter-engine authentication alias) . J2C data should contain the credentials of the primary Websphere admin (wasadmin).

3. Create an Webservice Gateway Instance for your WebService Application
3.1 Go to Service Integration > Buses > "Bus Name" > Web Service Gateway instances > New
Name: "name of wsgw"
Gateway namespace:"busname".wsgw1
Default Proxy WSDL URL: "URL of Bus Member"/sibws/proxywsdl/ProxyServiceTemplate.wsdl
3.2 Go to Service Integration > Buses > "Bus Name" > Web Service Gateway Instances > "name of wsgw" > Gateway services > New
This is were you need the WSDL of your Webservice application (which have to be installed first).
3.2.1 Select WSDL-defined web service provider
3.2.1 Fill out Step 1 with your Gateway Service Name
3.2.2 Fill out Step 2 with your WSDL location (URL)
3.2.3 Go through other steps (no input needed) and click "Finish"

Edited: 01.07.2008
Adapted from WAS 6.0

Export / Import LTPA-Keys for Single Sign On (SSO)

Sometimes its necessary to implement an SSO-Enviroment over different WebSphere-Cells (e.g. Production-Cell and Acceptance-Cell). To do this both cells need the same LTPA-Keys.
The synchronization of LTPA-Keys can be done over Admin-Console.

1. To Export LTPA-Keys from a Cell navigate to
Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration.

2. Fill out the import/export-Form at the bottom of the pageand click "Export keys". The LTPA-Keys will be exported to the specified directory. (The Keys will be password protected.)

3. Copy the exported ltpa.jceks-File to other the Cell (do not override ltpa.jceks of this cell).

4. Take a look at ltpa.jceks-File of this cell and note the file-size.
File is located in /"websphere"/"dmgr"/config/cells/"cellname"/ltpa.jceks

5. To import the LTPA-Keys to other Cell navigate to
Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration.

6. Fill out "Cross-cell Single sign on"-From and click "Import keys"

7. File size of ltpa.jceks-File of this Cell should now be increased.
Sometimes nothing happens to file size of ltpa.jceks-File and Cross-cell SSO will not work (WAS-Bug).
In this case just repeat the import.

8. Restart servers/node