Pages

Ads 468x60px

Monday, March 11, 2013

IBM: Java com.tivoli.pd.jcfg.SvrSslCfg Utility




This (com.tivoli.pd.jcfg.SvrSslCfg) utility configures your application in secure domain which is required for communication between TAM-eb and your application. I will configure and run a demo application. These are prerequisites for running the utility:

* WAS, LDAP (TDS) and WebSEAL are configured (Tested by running)
* Java installed
Note: Run these commands on the terminal

$java -version (Java Runtime version)
$javac -version (Java compiler version)

Both should be same like
Runtime: java version "1.6.0_32-ea"
              Java(TM) SE Runtime Environment (build 1.6.0_32-ea-b01)

Compile: javac 1.6.0_32-ea

* Set System Environmental Variables in $HOME/.bashrc or /root/.bashrc like


  PATH=/usr/java/jdk1.6.0/bin:$PATH
  export JAVA_HOME=/usr/java/jdk1.6.0
  export CLASSPATH=/usr/java/jdk1.6.0/lib/tools.jar:./

If you get following exception while running com.tivoli.pd.jcfg.SvrSslCfg utility
Exception: noclassdeffounderror com.ibm.security.x509.x509certimpl
OR
 PD.properties can't be loaded

Solution: 

* Run this command on terminal
$export PATH=/opt/IBM/TDI/V6.1.1/jvm/jre/bin:$PATH

* Run this command on terminal
$which java

Output should be: /opt/IBM/TDI/V6.1.1/jvm/jre/bin

* Run this command on terminal
$/opt/PolicyDirector/sbin/pdjrtecfg -action config -host tameb -port 7135 -java_home /usr/j2se/jre -domain Default -config_type full


Output should be: Configuration of Access Manager Runtime for Java is in progress.
This might take several minutes.
Configuration of Access Manager Runtime for Java completed successfully.

* In $HOME/.bashrc or /root/.bashrc, add following line:

export CLASSPATH=/usr/java/jre1.6.0_30/lib/ext/PD.jar:$CLASSPATH

* Run this command on terminal
$echo $CLASSPATH

Output should be: /usr/java/jre1.6.0_30/lib/ext/PD.jar:/usr/java/jdk1.6.0_32/lib/tools.jar:./

* Run this command on the terminal
$cat /opt/PolicyDirector/etc/pdjrte_paths

Output should be: /opt/IBM/WebSphere/AppServer/java/jre
/usr/java/jre1.6.0_30

Run com.tivoli.pd.jcfg.SvrSslCfg Utility


Configure Your Application:
$java -Dpd.cfg.home=/opt/IBM/WebSphere/AppServer/java/jre com.tivoli.pd.jcfg.SvrSslCfg -action config -admin_id sec_master -admin_pwd object00 -appsvr_id tameb -port 8880 -mode local -policysvr tameb:7135:1 -authzsvr tameb:7136:1
-cfg_file /opt/PolicyDirector/example/pdadminapi_demo/java/configuration/app.properties
-key_file /opt/PolicyDirector/example/pdadminapi_demo/java/keyfile/app.ks -cfg_action create

Note:
* If app.ks file already exists then value for -cfg_action will be 'replace'
* If you have already configured an application, then before configuring another you have to unconfig previous one using this command

Unconfig Your Application:
$java -Dpd.cfg.home=/opt/IBM/WebSphere/AppServer/java/jre com.tivoli.pd.jcfg.SvrSslCfg -action unconfig -admin_id sec_master -admin_pwd object00 -appsvr_id tameb -policysvr tameb:7135:1 -cfg_file /opt/PolicyDirector/example/pdadminapi_demo/java/configuration/app.properties

Now Run your demo application using this command
$java PDAdminDemo sec_master file:///opt/PolicyDirector/example/pdadminapi_demo/java/configuration/app.properties c=us

Note:
* Your configuration string should start like this, 'file:///' (config_str = file:///) or you will get something like specified protocol error.

Exceptions: 

java.lang.ClassNotFoundException: com.ibm.crypto.fips.provider.IBMJCEFIPS
java.lang.ClassNotFoundException: com.ibm.crypto.provider.IBMJCE
java.lang.ClassNotFoundException: com.ibm.security.util.DerValue
java.lang.ClassNotFoundException: com.ibm.jsse2.IBMJSSEProvider2

Solution: 

Run these commands on terminal or add these lines in $HOME/.bashrc or /root/.bashrc

export CLASSPATH=/usr/java/jre1.6.0_30/lib/ext/ibmjcefips.jar:$CLASSPATH
export CLASSPATH=/usr/java/jre1.6.0_30/lib/ext/ibmjceprovider.jar:$CLASSPATH
export CLASSPATH=/usr/java/jre1.6.0_30/lib/ext/ibmpkcs.jar:$CLASSPATH
export CLASSPATH=/usr/java/jre1.6.0_30/lib/ext/ibmjsseprovider2.jar:$CLASSPATH

Exception: 

"HPDJA0109W A nonnull value is being passed to an unsupported argument" is thrown while creating a user using PDUser.createUser 

OR


java.util.MissingResourceException: can't find bundle for base name locale english US:
PDUser.CreateUser()

Solution:

While creating a PD user, value for the description should be null.

Helping Commands:

* Check Servers Status
$pd_start status

* To view process ports
$$lsof -i

References: 

http://www-01.ibm.com/support/docview.wss?uid=swg21284688



No comments:

Post a Comment