Thoughts and Tutorials about Continuous Integration, Application Integration, SOA, IT Architecture, WebSphere and Liferay

Apr 29, 2009

WebDAV Access for Liferay deyployed in a WebSphere Server

Enable WebDAV-Access to Liferay 5.2.2 deployed in WebSphere is quite easy.
1. Deploy Liferay 5.2.2
2. Download the liferay-portal-tunnel-web-5.2.2.war from Liferay's Sourceforge Folder.
3. After downloading the war-File you need to deploy it into the SAME JVM with Liferay 5.
4. Restart the JVM
5. Create a new Folder in a Document Library-Portlet and click "Access from my desktop"
6. Copy the URL


7. Create a new network resource in Windows. Use this Tutorial http://jakarta.apache.org/slide/xp.html
Hint:
You can also use JackRabbit without Liferay in order to enable WebDAV with WebSphere.

Apr 21, 2009

Enable Client certificate authentication with IBM HTTP Server and WebSphere

If you want to provide client cert autentication for web apps deployed in WebSphere Application Server 6.1 you first need to edit the web.xml of the application.
You need to add a security-constraint:
<security-constraint id="SecurityConstraint_Test01">
<web-resource-collection id="WebResourceCollection_TestOZ01">
<web-resource-name>Test</web-resource-name>
<description/>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<auth-constraint id="AuthConstraint_CognosOZ02">
<description/>
<role-name>Tester</role-name>
</auth-constraint>
</security-constraint>
<login-config id="LoginConfig_1">
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Testrealm</realm-name>
</login-config>
<security-role id="SecurityRole_MIS01">
<description/>
<role-name>Tester</role-name>
</security-role>

After that you need to create a new virtual host in your ibm http server config.
To do that edit the httpd.conf
<VirtualHost <ip-adresse>:443>
ServerName www.yourvh.host.com
SSLEnable
SSLClientAuth 2
SSLServerCert <name of cert in key-db>
<Directory "/">
Options Indexes MultiViews
Order allow,deny
Allow from all
SSLClientAuthRequire o="<needed dn>"
</Directory>

RequestHeader set HTTPS %{HTTPS}e
RequestHeader set SSL_CIPHER %{SSL_CIPHER}e
RequestHeader set SSL_CLIENT_CN %{SSL_CLIENT_CN}e
RequestHeader set SSL_CLIENT_DN %{SSL_CLIENT_DN}e

DocumentRoot /usr/IBM/HTTPServer/www-doc-root2/
</VirtualHost>

Then you need to add the root-cert of the certificate you want to use for authentification to the key-database of your ibm http server.
1. Open the IBM Key Management utility ((i)keyman) and add the root-cert (e.g. o=host.com). Use the same name like in the httpd.conf (<name of cert in key-db>)
2. Save the changes to the key-database
3. Restart your IBM HTTP Server

After that edit the virtual host settings in WebSphere. In the administrative console go to Enviroment > Virtual Hosts and add the new Virtual Host (e.g.: Certificate Host) with its Host aliases.

The plugin-cfg.xml of your IBM HTTP Server should now be automatically updated with a new Virtual Host entry.

<VirtualHostGroup Name="Certificate Host">
<VirtualHost Name="<host-alias1>:*" />
<VirtualHost Name="<host-alias1>:*" />
</VirtualHostGroup>