WebSphere Application Server Liberty Profile知识点概览
2013-03-30 10:33
573 查看
Liberty Profile是一种轻量级、快速启动,基于OSGi的动态应用服务器。自WAS8.5开始,默认自带一个名为wlp的目录,该目录就是Liberty Profile的安装路径。
架构
目录结构
编程模型
配置
服务器配置
可以参考官方文档http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.wlp.nd.multiplatform.doc/autodita/rwlp_metatype_4ic.html来配置服务器,所以的配置都是在server.xml中进行。
Feature Manager配置
关于Liberty Profile的所有Feature文档,可以参看http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/rwlp_feat.html。其配置也是在server.xml中进行的,一个典型的配置如下:
如果想查看当前的WLP版本都包含哪些Feature,可以查看<WLP_INST_ROOT>/lib/features目录下的.MF文件。该目录下每个MF文件代表一个Feature,文件名就是Feature的名字。
安全配置
1 认证和授权
Quick Start Security
在server.xml中配置
<quickStartSecurity userPassword="bobpwd" userName="Bob" />
在server.xml的App下配置
<application id="TestEAR" location="TestEAR.ear" name="TestEAR"
type="ear">
<application-bnd>
<security-role name="testing">
<user name="Bob" />
</security-role>
</application-bnd>
</application>
在App的web.xml中配置(这个是通用的)
<!-- SECURITY ROLES -->
<security-role>
<role-name>testing</role-name>
</security-role>
<!-- SECURITY CONSTRAINTS -->
<security-constraint>
<web-resource-collection>
<web-resource-name>abc</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>testing</role-name>
</auth-constraint>
</security-constraint>
<!-- AUTHENTICATION METHOD: Basic authentication -->
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
Basic User Registry
在server.xml中配置
<basicRegistry id="basic" realm="WebRealm">
<user name="Bob" password="bobpwd" />
<user name="user1" password="user1pwd" />
<user name="user2" password="user2pwd" />
<group name="myAdmins">
<member name="Bob" />
<member name="user1" />
</group>
<group name="users">
<member name="user1" />
<member name="user2" />
</group>
</basicRegistry>
在server.xml的App下配置
LDAP User Registy
参考http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/twlp_sec_ldap.html查看具体的配置文档
SAF User Registy (ZOS Only)
//TODO
2 SSL配置
在server.xml中配置
其中SSL certificate可以通过工具来创建:
In the Servers view, right-click your Liberty server profile,and selectUtilities >CreateSSL Certificate.
On the Create SSL Certificate page, you can create a defaultsecure socket layer (SSL) certificate to use with your server.
In the Keystore password field,type a password for your SSL certificate.
Click the
Specify validity period (days) field,and specify the number of days you want the certificate to be validfor. Minimum length of time is 365 days.
Click the
Specify subject (DN): field,and provide a value for your SSL subject.
Click
Finish.
然后在server.xml中配置
或者用命令行的方式:
wlp/bin下,
然后在server.xml中配置
数据源配置
1 For DB2
在server.xml中配置
2 For Derby
在server.xml中配置
管理
Liberty Profile不像tWAS,它是没有控制台的,所以用户必须借助WebSphere® Application Server Developer Tools for Eclipse或文本编辑器来编辑相应的配置文件,这些配置文件主要为:server.xml和bootstrap.properties以及其他一些包含在这两个主要文件里面的可选文件。
部署
部署应用程序到Liberty Profile上有两种方式:拷贝到dropins目录,或编辑server.xml文件(借助WebSphere® Application Server Developer Tools for Eclipse或文本编辑器)。
参考资料:
WLP在线Info Center:
http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/cwlp_about.html 【理论篇?】
http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.nd.multiplatform.doc/ae/welc6tech_wlp_thr.html 【实践篇?】
新一代轻量级应用服务器 — WebSphere Liberty Profile Server 介绍
http://www.ibm.com/developerworks/cn/websphere/library/techarticles/1207_zhuxl_liberty/1207_zhuxl_liberty.html
wasdev.net页面
https://www.ibmdw.net/wasdev/ 【WAS开发者的社区】
架构
目录结构
Directory or file | Property | Description |
---|---|---|
wlp/ | wlp.install.dir | Root of installation |
+- bin/ | Scripts for managing the server:server;ws-launch.jar | |
+- clients/ | Client applications. For examplerestConnector.jar. | |
+- dev/ | APIs available at compile time orrun time | |
+- ibm-api/ | Public APIs available for both compileand run time by default | |
+-javadoc/ | Java™ documentarchives | |
+- spec/ | Public specification APIs availablefor both compile and run time by default | |
+- third-party/ | Third-party APIs that are availableat compile time by default and must be specified in the configurationusing theapiTypeVisibility attribute of theclassloader elementfor applications at run time. | |
+- tools/ | Ant plug-in for the Liberty profile | |
+-etc/ | User customized server variablesthat apply to all servers (optional) | |
+-server.env | Default server script environmentvariables (optional) | |
+-jvm.options | Default jvm options (optional) | |
+- lafiles/ | License information files | |
+- lib/ | Platform runtime environment | |
+- templates/ | Runtime customization templates andexamples | |
+- config/ | Configuration examples for security | |
+- server/ | Server template whencreating a server | |
+- usr/ | wlp.user.dir | User directory |
+- shared/ | ||
+-apps/ | shared.app.dir | Shared applications |
+-config/ | shared.config.dir | Shared configuration files |
+-resources/ | shared.resource.dir | Shared resource definitions: adapters,data sources |
+- servers/ | Shared servers directory | |
+-server_name | server.config.dir | Server configuration directory.Use${server.config.dir} to reference server-specific configuration (applications). |
+-bootstrap.properties | Server bootstrap properties (optional) | |
+-jvm.options | Server JVM options, which replacethe values inwlp/etc/jvm.options (optional) | |
+-server.env | Server script environment variables,which are merged with wlp/etc/server.env (optional) | |
+-server.xml | Server configuration overlays (required) | |
+-apps/ | Server configuration for applications | |
+-dropins/ | Server default application dropinsfolder (optional) | |
+-application_name | Application folder or archive (optional) | |
+-server_name | server.output.dir | Server output directory.Use${server.output.dir} to describe artifacts generated by the server (log files and workarea). |
+-logs/ | Server log files, including FFDClogs (directory is present after server is first run) | |
+-console.log | Basic server status and operationsmessages | |
+-trace_timestamp.log | Time-stamped trace messages, withthe level of detail determined by the current tracing configuration | |
+-ffdc/ | First Failure Data Capture (FFDC)output directory | |
+-ffdc_timestamp/ | First Failure Data Capture (FFDC)output that typically includes selective memory dumps of diagnosticdata related to the failure of a requested operation | |
+-workarea/ | Files created by the server as it operates (directoryis present after server is first run) |
Technology | Specification reference | Full profile | Liberty profile |
---|---|---|---|
Java Platform,Enterprise Edition 6 (Java EE6) | JSR 316 | ✔ | |
Web services technologies | |||
Java APIfor RESTful Web Services (JAX-RS) 1.1 | JSR 311 | ✔ | ✔ |
Implementing Enterprise Web Services 1.3 | JSR 109 | ✔ | |
Java APIfor XML-Based Web Services (JAX-WS) 2.2 | JSR 224 | ✔ | |
Java Architecturefor XML Binding (JAXB) 2.2 | JSR 222 | ✔ | |
Web Services Metadata for the Java Platform | JSR 181 | ✔ | |
Java APIfor XML-based RPC (JAX-RPC) 1.1 | JSR 101 | ✔ | |
Java APIsfor XML Messaging 1.3 | JSR 67 | ✔ | |
Java APIfor XML Registries (JAXR) 1.0 | JSR 93 | ✔ | |
SOAP with Attachments API for Java (SAAJ) 1.3 | JSR 67 | ✔ | |
Web application technologies | |||
Java Servlet3.0 | JSR 315 | ✔ | ✔ |
JavaServer Faces 2.0 | JSR 314 | ✔ | ✔ |
JavaServer Pages 2.2/Expression Language 2.2 | JSR 245 | ✔ | ✔ |
Standard Tag Library for JavaServer Pages (JSTL)1.2 | JSR 52 | ✔ | ✔ |
Debugging Support for Other Languages 1.0 | JSR 45 | ✔ | ✔ |
Enterprise application technologies | |||
Contexts and Dependency Injection for Java (Web Beans 1.0) | JSR 299 | ✔ | |
Dependency Injection for Java 1.0 | JSR 330 | ✔ | |
Bean Validation 1.0 | JSR 303 | ✔ | ✔ |
Enterprise JavaBeans 3.1 (includes Interceptors 1.1) | JSR 318 | ✔ | |
Java EEConnector Architecture 1.6 | JSR 322 | ✔ | |
Java Persistence2.0 | JSR 317 | ✔ | ✔ |
Common Annotations for the Java Platform 1.1 | JSR 250 | ✔ | ✔1 |
Java MessageService API 1.1 | JSR 914 | ✔ | |
Java TransactionAPI (JTA) 1.1 | JSR 907 | ✔ | ✔ |
JavaMail 1.4 | JSR 919 | ✔ | |
Management and security technologies | |||
Java AuthenticationService Provider Interface for Containers | JSR 196 | ✔ | |
Java AuthorizationContract for Containers 1.3 | JSR 115 | ✔ | |
Java EEApplication Deployment 1.2 | JSR 88 | ✔ | |
J2EE Management 1.1 | JSR 77 | ✔ | |
Java EE-relatedspecifications in Java SE | |||
Java APIfor XML Processing (JAXP) 1.3 | JSR 206 | ✔ | ✔ |
Java DatabaseConnectivity 4.0 | JSR 221 | ✔ | ✔ |
Java ManagementExtensions (JMX) 2.0 | JSR 255 | ✔ | ✔ |
JavaBeans Activation Framework (JAF) 1.1 | JSR 925 | ✔ | ✔ |
Streaming API for XML (StAX) 1.0 | JSR 173 | ✔ | ✔ |
服务器配置
可以参考官方文档http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.wlp.nd.multiplatform.doc/autodita/rwlp_metatype_4ic.html来配置服务器,所以的配置都是在server.xml中进行。Feature Manager配置
关于Liberty Profile的所有Feature文档,可以参看http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/rwlp_feat.html。其配置也是在server.xml中进行的,一个典型的配置如下:
<server> <featureManager> <feature>servlet-3.0</feature> <feature>localConnector-1.0</feature> </featureManager> </server>
如果想查看当前的WLP版本都包含哪些Feature,可以查看<WLP_INST_ROOT>/lib/features目录下的.MF文件。该目录下每个MF文件代表一个Feature,文件名就是Feature的名字。
安全配置
1 认证和授权
Quick Start Security
在server.xml中配置
<quickStartSecurity userPassword="bobpwd" userName="Bob" />
在server.xml的App下配置
<application id="TestEAR" location="TestEAR.ear" name="TestEAR"
type="ear">
<application-bnd>
<security-role name="testing">
<user name="Bob" />
</security-role>
</application-bnd>
</application>
在App的web.xml中配置(这个是通用的)
<!-- SECURITY ROLES -->
<security-role>
<role-name>testing</role-name>
</security-role>
<!-- SECURITY CONSTRAINTS -->
<security-constraint>
<web-resource-collection>
<web-resource-name>abc</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>testing</role-name>
</auth-constraint>
</security-constraint>
<!-- AUTHENTICATION METHOD: Basic authentication -->
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
Basic User Registry
在server.xml中配置
<basicRegistry id="basic" realm="WebRealm">
<user name="Bob" password="bobpwd" />
<user name="user1" password="user1pwd" />
<user name="user2" password="user2pwd" />
<group name="myAdmins">
<member name="Bob" />
<member name="user1" />
</group>
<group name="users">
<member name="user1" />
<member name="user2" />
</group>
</basicRegistry>
在server.xml的App下配置
<application id="TestEAR" location="TestEAR.ear" name="TestEAR" type="ear"> <application-bnd> <security-role name="testing"> <user name="Bob" /> <user name="user1" /> <group name="users" /> </security-role> </application-bnd> </application>
LDAP User Registy
参考http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/twlp_sec_ldap.html查看具体的配置文档
SAF User Registy (ZOS Only)
//TODO
2 SSL配置
在server.xml中配置
<featureManager> <feature>ssl-1.0</feature> </featureManager> <!-- default SSL configuration is defaultSSLSettings -> <sslDefault sslRef="defaultSSLSettings" /> <ssl id="defaultSSLSettings" keyStoreRef="defaultKeyStore" trustStoreRef="defaultTrustStore" clientAuthenticationSupported="true" /> <keyStore id="defaultKeyStore" location="key.jks" type="JKS" password="defaultPWD" /> <keyStore id="defaultTrustStore" location="trust.jks" type="JKS" password="defaultPWD" /> <ssl id="mySSLSettings" keyStoreRef="myKeyStore" trustStoreRef="myTrustStore" clientAuthentication="true" /> <keyStore id="LDAPKeyStore" location="${server.config.dir}/myKey.p12" type="PKCS12" password="{xor}CDo9Hgw=" /> <keyStore id="LDAPTrustStore" location="${server.config.dir}/myTrust.p12" type="PKCS12" password="{xor}CDo9Hgw=" />
其中SSL certificate可以通过工具来创建:
In the Servers view, right-click your Liberty server profile,and selectUtilities >CreateSSL Certificate.
On the Create SSL Certificate page, you can create a defaultsecure socket layer (SSL) certificate to use with your server.
In the Keystore password field,type a password for your SSL certificate.
Click the
Specify validity period (days) field,and specify the number of days you want the certificate to be validfor. Minimum length of time is 365 days.
Click the
Specify subject (DN): field,and provide a value for your SSL subject.
Click
Finish.
这样在/resources/security下一个default key store:key.jks就创建好了
然后在server.xml中配置
<keyStore id="defaultKeyStore" password="keystore_password" />
或者用命令行的方式:
wlp/bin下,
securityUtility createSSLCertificate --server server_name --password your_password
这样在/resources/security下一个default key store:key.jks就创建好了
然后在server.xml中配置
<keyStore id="defaultKeyStore" password="keystore_password" />
数据源配置
1 For DB2
在server.xml中配置
<variable name="DB2_JCC_DRIVER_PATH" value="C:/Drivers/DB2" /> <library id="db2Lib"> <fileset dir="${DB2_JCC_DRIVER_PATH}" includes="db2jcc4.jar db2jcc_license_cu.jar db2jcc_license_cisuz.jar" /> </library> <dataSource id="DefaultDB2Datasource" jndiName="jdbc/DefaultDB2Datasource" statementCacheSize="10" beginTranForResultSetScrollingAPIs="false" beginTranForVendorAPIs="false" connectionSharing="MatchCurrentState" transactional="false" syncQueryTimeoutWithTransactionTimeout="false" isolationLevel="TRANSACTION_READ_COMMITTED" queryTimeout="10" > <jdbcDriver libraryRef="db2Lib" javax.sql.ConnectionPoolDataSource="com.ibm.db2.jcc.DB2ConnectionPoolDataSource"/> <properties.db2.jcc databaseName="TESTDB" driverType="4" serverName="localhost" portNumber="50000" currentLockTimeout="10" currentSchema="DBUSER2" cursorSensitivity="0" deferPrepares="true" loginTimeout="0" resultSetHoldability="1" retrieveMessagesFromServerOnGetMessage="true" traceLevel="-1" user="dbuser2" password="{xor}LDcfLTo7Oz0=" /> <connectionManager connectionTimeout="180" maxPoolSize="10" minPoolSize="1" reapTime="180" maxIdleTime="1800" agedTimeout="7200" purgePolicy="EntirePool"/> </dataSource>
2 For Derby
在server.xml中配置
<variable name="DERBY_JDBC_DRIVER_PATH" value="C:/Drivers/derby" /> <library id="derbyLib"> <fileset dir="${DERBY_JDBC_DRIVER_PATH}" includes="derby.jar" /> </library> <dataSource id="DefaultDerbyDatasource" jndiName="jdbc/DefaultDerbyDatasource" statementCacheSize="10"> <jdbcDriver libraryRef="derbyLib" javax.sql.ConnectionPoolDataSource="org.apache.derby.jdbc.EmbeddedConnectionPoolDataSource"/> <properties.derby.embedded databaseName="C:/myDerby/DefaultDB" shutdownDatabase="false" connectionAttributes="upgrade=true" createDatabase="create" /> <connectionManager connectionTimeout="180" maxPoolSize="10" minPoolSize="1" reapTime="180" maxIdleTime="1800" agedTimeout="7200" purgePolicy="EntirePool" /> </dataSource>
管理
Liberty Profile不像tWAS,它是没有控制台的,所以用户必须借助WebSphere® Application Server Developer Tools for Eclipse或文本编辑器来编辑相应的配置文件,这些配置文件主要为:server.xml和bootstrap.properties以及其他一些包含在这两个主要文件里面的可选文件。
部署
部署应用程序到Liberty Profile上有两种方式:拷贝到dropins目录,或编辑server.xml文件(借助WebSphere® Application Server Developer Tools for Eclipse或文本编辑器)。
参考资料:
WLP在线Info Center:
http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/cwlp_about.html 【理论篇?】
http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.nd.multiplatform.doc/ae/welc6tech_wlp_thr.html 【实践篇?】
新一代轻量级应用服务器 — WebSphere Liberty Profile Server 介绍
http://www.ibm.com/developerworks/cn/websphere/library/techarticles/1207_zhuxl_liberty/1207_zhuxl_liberty.html
wasdev.net页面
https://www.ibmdw.net/wasdev/ 【WAS开发者的社区】
相关文章推荐
- websphere application server v8.5 liberty profile试用
- WebSphere Application Server 概要(Profile)理解入门,第 2 部
- 【ZT】WebSphere Application Server 概要(Profile)理解入门,第 3 部分: 如何管理概要
- WebSphere Application Server 概要(Profile)理解(一)
- WebSphere Application Server 概要(Profile)理解入门,第 1 部分:基本概念
- [转]WebSphere Application Server 概要(Profile)理解入门,第 3 部分: 如何管理概要
- WebSphere Application Server创建profile的响应文件
- [转!]WebSphere Application Server 概要(Profile)理解入门,第 1 部分: 基本概念
- WebSphere Application Server 概要(Profile)理解入门,第 1 部
- WebSphere Application Server 概要(Profile)理解(二)
- WebSphere Application Server 概要(Profile)理解入门,第 2 部
- WebSphere Application Server 概要(Profile)理解入门,第 2 部
- WebSphere Application Server 概要(Profile)理解入门,第 3 部
- 在 UNIX 和 Linux 系统上安装和配置 WebSphere Application Server
- 将 Spring 和 Hibernate 与 WebSphere Application Server 一起使用
- WebSphere Application Server切换JAVA SDK版本
- 将 JMS 连接池与 WebSphere Application Server 和 WebSphere MQ 一起使用,第 1 部分
- 创建 WebSphere Application Server 系统服务
- BM WebSphere 系列产品和 BEA Tuxedo Server 的集成方案,第 2 部分: 通过 XUG 建立IBM WebSphere Application Server 和BEA Tuxedo Server 的访问通路
- IBM WebSphere Application Server V6.1 Fix Pack 29于2010.01.18发布