In this chapter, you will find required settings for the deployment of the CoreMedia system into IBM WebSphere Application Server:
Settings for the operating system of IBM WebSphere
JVM properties
Property for better performance
The order of the class loaders
ORB configuration properties
Java Authentication and Authorization Service (JAAS) properties
OS Level Settings
For the operation system on which IBM WebSphere runs, you have to set the following properties at least to the specified values:
JVM Settings
For a single WebSphere instance with all Blueprint applications deployed, you need at least the following memory settings:
| Key | Value | Description |
|---|---|---|
initialHeapSize | 4096 | Initial memory for JVM |
maximumHeapSize | 6144 | Maximum memory for JVM |
Table 5.2. JVM Settings
JVM System Properties
You have to set the following JVM system properties in IBM WebSphere as described below.
| key | solr.solr.home |
| example value | /var/coremedia/solr-home |
| description |
Directory where Solr configuration and plugin settings are stored. Instead of setting this value here, which
requires a restart of WebSphere, you can set it within the web.xml file of the
Solr web application. A more detailed description can be found in Section 4.2.2.9, “Solr Home Configuration”.
|
| key | client.encoding.override |
| value | UTF-8 |
| description | When deployed in a WebSphere server, Solr does not handle non-ASCII characters correctly (such as German umlauts ä, ö, ü). In order to fix this, add this property. |
| key | coremedia.logging.directory |
| example value | /var/log/coremedia |
| description | Directory where CoreMedia component logs are stored. |
| key | com.coremedia.orb.jndiName |
| value | java:comp/ORB |
| description |
The communication between CoreMedia components is based on CORBA. It is recommended to inject the ORB provided by WebSphere into all deployed CoreMedia servers and UAPI clients.
Alternatively to JVM system properties, you can add this property in the Make sure that if you set this property, that the host on this port is resolvable by all clients. the section called “Port Settings” describes where you set this value. |
Table 5.3. JVM System Properties
To set the memory settings and JVM system properties, follow this click path:
→ → → → → →
Enter the JVM system properties into the Generic JVM arguments field as shown in Figure 5.1, “Define JVM Arguments in WebSphere”.
Port Settings
If you inject the IBM WebSphere ORB into all servers and UAPI clients, you need to make sure that the host name set for this port can be resolved by the client. You will find the ORB ports host setting at the following click path: → → → → →
Security Settings
CoreMedia command line clients, as installed by the standard deployment, are not able to connect to a Content Server running in WebSphere Application Server using an SSL encrypted CORBA connection. Therefore, in order to use these tools, the WAS must also accept unencrypted communication. Use the following steps to configure the server:
In WebSphere go to the following window:
→ → → → → → → →
Change the entry from to .
Now, the clients communicate with the Content Server in the WebSphere Application Server through an unsecured CORBA connection. However, all clients that support SSL encoding use a secure connection.
For additional security, remote access to the clear-text CORBA port can be restricted using operating system and firewall means.
Improve Performance
For better performance of the CoreMedia web applications deployed to the WebSphere Application Server, it is highly recommended to set the following property in the same place as the properties described in the previous section.
Set local hostname caching to true:
com.ibm.cacheLocalHost=true
Class loader Order
CoreMedia components can be successfully deployed in a WebSphere environment using the
class loader configuration PARENT_LAST, set for each web application module.
In order to enable this class loader order, select in the WebSphere Administration Console:
→ → → →
Java Authentication and Authorization Service (JAAS)
CoreMedia content servers use a custom JAAS Login module, named JaasCap with the settings, described in Table 5.4, “ Java Authentication and Authorization Service (JAAS) ”. In Create JAAS module is described how you have to create the module.
| Key | Value |
|---|---|
loginType
| application |
loginModules
| hox.corem.server.CapLoginModule |
authStrategies
| SUFFICIENT |
Table 5.4. Java Authentication and Authorization Service (JAAS)
The login module requires the following predicates as custom properties:
| Key | Value |
|---|---|
predicate.1.class
| hox.corem.login.NameLoginPredicate |
predicate.1.args
| negative=true,editor.regex=(serverdump|publisher|auto-actor|watchdog|workflow|webserver|importer|feeder), filesystem.regex=(serverdump|publisher|auto-actor|watchdog|workflow|webserver|importer|feeder) |
predicate.2.class
| hox.corem.login.NameLoginPredicate |
predicate.2.args
| webserver.regex=webserver,publisher.regex=publisher,replicator.regex=replicator,workflow.regex=workflow,feeder.regex=feeder |
predicate.3.class
| hox.corem.login.NameLoginPredicate |
predicate.3.args
| editor.regex=.*,debug.regex=.*,filesystem.regex=.*,importer.regex=.*,system.regex=.* |
Table 5.5. Custom JAAS LoginModule Properties
Create the JAAS login module with the settings given above as follows:
Create JAAS module
Create a custom Login Module named
JaasCapwith class namehox.corem.server.CapLoginModulein the WebSphere Administration Console under:→ → →
Set its authentication strategy to
SUFFICIENT.The
JAASpredicates are located in thejaas.conffile, underWEB-INF/properties/coremof a Content Server's installation folder.Add each predicate as a custom property to the newly configured
hox.corem.server.CapLoginModulein WebSphere (see Figure 5.3, “Custom JAAS LoginModule”).
Web Container Settings
In order to run CAE web applications in IBM WebSphere you have to set two properties for the web container in WebSphere. For each property create a new custom property in the WebSphere Administration Console under: → → →
| key |
com.ibm.wsspi.jsp.evalQuotedAndEscapedExpression
|
| example value |
true
|
| description | There is a known issue in WebSphere's environment concerning the evaluation of Taglib functions within single quotes. Set this property to true in order to enable this functionality. |
| key |
com.ibm.ws.webcontainer.extractHostHeaderPort
|
| example value |
true
|
| description | Set the trusthostheaderport and the com.ibm.ws.webcontainer.extractHostHeaderPort custom property to true to return the port number from the request host header first. http://www-01.ibm.com/support/knowledgecenter/SSEQTP_8.5.5/com.ibm.websphere.base.doc/ae/rweb_custom_props.html?cp=SSEQTP_8.5.5%2F1-17-5-994 |
| key |
trusthostheaderport
|
| example value |
true
|
| description | Set the trusthostheaderport and the com.ibm.ws.webcontainer.extractHostHeaderPort custom property to true to return the port number from the request host header first. http://www-01.ibm.com/support/knowledgecenter/SSEQTP_8.5.5/com.ibm.websphere.base.doc/ae/rweb_custom_props.html?cp=SSEQTP_8.5.5%2F1-17-5-994 |
| key |
httpsIndicatorHeader
|
| example value |
X-Forwarded-HTTPS
|
| description | The SSL offloader must be configured to add a special header indicating that the original request was over HTTPS.
On the proxy / loadbalancer, make sure to inject this header as request header.
See http://www-01.ibm.com/support/docview.wss?uid=swg21221253 for a detailed description.
Add for example this to your virtualhost configuration for Apache:
RequestHeader set X-Forwarded-HTTPS "true"
|
Table 5.6. Web Container Settings
 |  | |
 |