WebSphere Application Server Liberty Profile知识点概览

Liberty Profile是一种轻量级、快速启动，基于OSGi的动态应用服务器。自WAS8.5开始，默认自带一个名为wlp的目录，该目录就是Liberty Profile的安装路径。

架构

目录结构

Directory or file	Property	Description
wlp/	wlp.install.dir	Root of installation
+- bin/		Scripts for managing the server:server;ws-launch.jar
+- clients/		Client applications. For examplerestConnector.jar.
+- dev/		APIs available at compile time orrun time
+- ibm-api/		Public APIs available for both compileand run time by default
+-javadoc/		Java™ documentarchives
+- spec/		Public specification APIs availablefor both compile and run time by default
+- third-party/		Third-party APIs that are availableat compile time by default and must be specified in the configurationusing theapiTypeVisibility attribute of theclassloader elementfor applications at run time.
+- tools/		Ant plug-in for the Liberty profile
+-etc/		User customized server variablesthat apply to all servers (optional)
+-server.env		Default server script environmentvariables (optional)
+-jvm.options		Default jvm options (optional)
+- lafiles/		License information files
+- lib/		Platform runtime environment
+- templates/		Runtime customization templates andexamples
+- config/		Configuration examples for security
+- server/		Server template whencreating a server
+- usr/	wlp.user.dir	User directory
+- shared/
+-apps/	shared.app.dir	Shared applications
+-config/	shared.config.dir	Shared configuration files
+-resources/	shared.resource.dir	Shared resource definitions: adapters,data sources
+- servers/		Shared servers directory
+-server_name	server.config.dir	Server configuration directory.Use${server.config.dir} to reference server-specific configuration (applications).
+-bootstrap.properties		Server bootstrap properties (optional)
+-jvm.options		Server JVM options, which replacethe values inwlp/etc/jvm.options (optional)
+-server.env		Server script environment variables,which are merged with wlp/etc/server.env (optional)
+-server.xml		Server configuration overlays (required)
+-apps/		Server configuration for applications
+-dropins/		Server default application dropinsfolder (optional)
+-application_name		Application folder or archive (optional)
+-server_name	server.output.dir	Server output directory.Use${server.output.dir} to describe artifacts generated by the server (log files and workarea).
+-logs/		Server log files, including FFDClogs (directory is present after server is first run)
+-console.log		Basic server status and operationsmessages
+-trace_timestamp.log		Time-stamped trace messages, withthe level of detail determined by the current tracing configuration
+-ffdc/		First Failure Data Capture (FFDC)output directory
+-ffdc_timestamp/		First Failure Data Capture (FFDC)output that typically includes selective memory dumps of diagnosticdata related to the failure of a requested operation
+-workarea/		Files created by the server as it operates (directoryis present after server is first run)

编程模型

Technology	Specification reference	Full profile	Liberty profile
Java Platform,Enterprise Edition 6 (Java EE6)	JSR 316	✔
Web services technologies
Java APIfor RESTful Web Services (JAX-RS) 1.1	JSR 311	✔	✔
Implementing Enterprise Web Services 1.3	JSR 109	✔
Java APIfor XML-Based Web Services (JAX-WS) 2.2	JSR 224	✔
Java Architecturefor XML Binding (JAXB) 2.2	JSR 222	✔
Web Services Metadata for the Java Platform	JSR 181	✔
Java APIfor XML-based RPC (JAX-RPC) 1.1	JSR 101	✔
Java APIsfor XML Messaging 1.3	JSR 67	✔
Java APIfor XML Registries (JAXR) 1.0	JSR 93	✔
SOAP with Attachments API for Java (SAAJ) 1.3	JSR 67	✔
Web application technologies
Java Servlet3.0	JSR 315	✔	✔
JavaServer Faces 2.0	JSR 314	✔	✔
JavaServer Pages 2.2/Expression Language 2.2	JSR 245	✔	✔
Standard Tag Library for JavaServer Pages (JSTL)1.2	JSR 52	✔	✔
Debugging Support for Other Languages 1.0	JSR 45	✔	✔
Enterprise application technologies
Contexts and Dependency Injection for Java (Web Beans 1.0)	JSR 299	✔
Dependency Injection for Java 1.0	JSR 330	✔
Bean Validation 1.0	JSR 303	✔	✔
Enterprise JavaBeans 3.1 (includes Interceptors 1.1)	JSR 318	✔
Java EEConnector Architecture 1.6	JSR 322	✔
Java Persistence2.0	JSR 317	✔	✔
Common Annotations for the Java Platform 1.1	JSR 250	✔	✔1
Java MessageService API 1.1	JSR 914	✔
Java TransactionAPI (JTA) 1.1	JSR 907	✔	✔
JavaMail 1.4	JSR 919	✔
Management and security technologies
Java AuthenticationService Provider Interface for Containers	JSR 196	✔
Java AuthorizationContract for Containers 1.3	JSR 115	✔
Java EEApplication Deployment 1.2	JSR 88	✔
J2EE Management 1.1	JSR 77	✔
Java EE-relatedspecifications in Java SE
Java APIfor XML Processing (JAXP) 1.3	JSR 206	✔	✔
Java DatabaseConnectivity 4.0	JSR 221	✔	✔
Java ManagementExtensions (JMX) 2.0	JSR 255	✔	✔
JavaBeans Activation Framework (JAF) 1.1	JSR 925	✔	✔
Streaming API for XML (StAX) 1.0	JSR 173	✔	✔

配置

服务器配置

可以参考官方文档http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.wlp.nd.multiplatform.doc/autodita/rwlp_metatype_4ic.html来配置服务器，所以的配置都是在server.xml中进行。

Feature Manager配置

关于Liberty Profile的所有Feature文档，可以参看http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/rwlp_feat.html。其配置也是在server.xml中进行的，一个典型的配置如下：

<server>
<featureManager>
<feature>servlet-3.0</feature>
<feature>localConnector-1.0</feature>
</featureManager>
</server>

如果想查看当前的WLP版本都包含哪些Feature,可以查看<WLP_INST_ROOT>/lib/features目录下的.MF文件。该目录下每个MF文件代表一个Feature，文件名就是Feature的名字。

安全配置

1 认证和授权

Quick Start Security

在server.xml中配置

<quickStartSecurity userPassword="bobpwd" userName="Bob" />

在server.xml的App下配置

<application id="TestEAR" location="TestEAR.ear" name="TestEAR"

type="ear">

<application-bnd>

<security-role name="testing">

<user name="Bob" />

</security-role>

</application-bnd>

</application>

在App的web.xml中配置（这个是通用的）

<!-- SECURITY ROLES -->

<security-role>

<role-name>testing</role-name>

</security-role>

<!-- SECURITY CONSTRAINTS -->

<security-constraint>

<web-resource-collection>

<web-resource-name>abc</web-resource-name>

<url-pattern>/*</url-pattern>

</web-resource-collection>

<auth-constraint>

<role-name>testing</role-name>

</auth-constraint>

</security-constraint>

<!-- AUTHENTICATION METHOD: Basic authentication -->

<login-config>

<auth-method>BASIC</auth-method>

</login-config>

Basic User Registry

在server.xml中配置

<basicRegistry id="basic" realm="WebRealm">

<user name="Bob" password="bobpwd" />

<user name="user1" password="user1pwd" />

<user name="user2" password="user2pwd" />

<group name="myAdmins">

<member name="Bob" />

<member name="user1" />

</group>

<group name="users">

<member name="user1" />

<member name="user2" />

</group>

</basicRegistry>
在server.xml的App下配置

<application id="TestEAR" location="TestEAR.ear" name="TestEAR"
type="ear">
<application-bnd>
<security-role name="testing">
<user name="Bob" />
<user name="user1" />
<group name="users" />
</security-role>
</application-bnd>
</application>

LDAP User Registy

参考http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/twlp_sec_ldap.html查看具体的配置文档

SAF User Registy （ZOS Only）



//TODO

2 SSL配置

在server.xml中配置

<featureManager>
<feature>ssl-1.0</feature>
</featureManager>

<!-- default SSL configuration is defaultSSLSettings ->
<sslDefault sslRef="defaultSSLSettings" />
<ssl id="defaultSSLSettings"
keyStoreRef="defaultKeyStore"
trustStoreRef="defaultTrustStore"
clientAuthenticationSupported="true" />
<keyStore id="defaultKeyStore"
location="key.jks"
type="JKS" password="defaultPWD" />
<keyStore id="defaultTrustStore"
location="trust.jks"
type="JKS" password="defaultPWD" />

<ssl id="mySSLSettings"
keyStoreRef="myKeyStore"
trustStoreRef="myTrustStore"
clientAuthentication="true" />
<keyStore id="LDAPKeyStore"
location="${server.config.dir}/myKey.p12"
type="PKCS12"
password="{xor}CDo9Hgw=" />
<keyStore id="LDAPTrustStore"
location="${server.config.dir}/myTrust.p12"
type="PKCS12"
password="{xor}CDo9Hgw=" />

其中SSL certificate可以通过工具来创建：

In the Servers view, right-click your Liberty server profile,and selectUtilities >CreateSSL Certificate.
On the Create SSL Certificate page, you can create a defaultsecure socket layer (SSL) certificate to use with your server.

In the Keystore password field,type a password for your SSL certificate.
Click the
Specify validity period (days) field,and specify the number of days you want the certificate to be validfor. Minimum length of time is 365 days.
Click the
Specify subject (DN): field,and provide a value for your SSL subject.

Click
Finish.

这样在/resources/security下一个default key store：key.jks就创建好了

然后在server.xml中配置

<keyStore id="defaultKeyStore" password="keystore_password" />

或者用命令行的方式：

wlp/bin下，

securityUtility createSSLCertificate --server server_name --password your_password

这样在/resources/security下一个default key store：key.jks就创建好了

然后在server.xml中配置

<keyStore id="defaultKeyStore" password="keystore_password" />

数据源配置

1 For DB2

在server.xml中配置

<variable name="DB2_JCC_DRIVER_PATH" value="C:/Drivers/DB2" />
<library id="db2Lib">
<fileset dir="${DB2_JCC_DRIVER_PATH}" includes="db2jcc4.jar
db2jcc_license_cu.jar db2jcc_license_cisuz.jar" />
</library>
<dataSource id="DefaultDB2Datasource" jndiName="jdbc/DefaultDB2Datasource"
statementCacheSize="10"
beginTranForResultSetScrollingAPIs="false"
beginTranForVendorAPIs="false"
connectionSharing="MatchCurrentState"
transactional="false"
syncQueryTimeoutWithTransactionTimeout="false"
isolationLevel="TRANSACTION_READ_COMMITTED"
queryTimeout="10"
>
<jdbcDriver libraryRef="db2Lib"
javax.sql.ConnectionPoolDataSource="com.ibm.db2.jcc.DB2ConnectionPoolDataSource"/>
<properties.db2.jcc
databaseName="TESTDB"
driverType="4"
serverName="localhost"
portNumber="50000"
currentLockTimeout="10"
currentSchema="DBUSER2"
cursorSensitivity="0"
deferPrepares="true"
loginTimeout="0"
resultSetHoldability="1"
retrieveMessagesFromServerOnGetMessage="true"
traceLevel="-1"
user="dbuser2"
password="{xor}LDcfLTo7Oz0="
/>
<connectionManager connectionTimeout="180" maxPoolSize="10" minPoolSize="1" reapTime="180"
maxIdleTime="1800" agedTimeout="7200" purgePolicy="EntirePool"/>
</dataSource>

2 For Derby

在server.xml中配置

<variable name="DERBY_JDBC_DRIVER_PATH" value="C:/Drivers/derby" />
<library id="derbyLib">
<fileset dir="${DERBY_JDBC_DRIVER_PATH}" includes="derby.jar" />
</library>
<dataSource id="DefaultDerbyDatasource" jndiName="jdbc/DefaultDerbyDatasource"
statementCacheSize="10">
<jdbcDriver libraryRef="derbyLib"
javax.sql.ConnectionPoolDataSource="org.apache.derby.jdbc.EmbeddedConnectionPoolDataSource"/>
<properties.derby.embedded
databaseName="C:/myDerby/DefaultDB"
shutdownDatabase="false"
connectionAttributes="upgrade=true"
createDatabase="create"
/>
<connectionManager connectionTimeout="180" maxPoolSize="10" minPoolSize="1" reapTime="180"
maxIdleTime="1800" agedTimeout="7200" purgePolicy="EntirePool" />
</dataSource>

管理

Liberty Profile不像tWAS，它是没有控制台的，所以用户必须借助WebSphere® Application Server Developer Tools for Eclipse或文本编辑器来编辑相应的配置文件，这些配置文件主要为：server.xml和bootstrap.properties以及其他一些包含在这两个主要文件里面的可选文件。

部署

部署应用程序到Liberty Profile上有两种方式：拷贝到dropins目录，或编辑server.xml文件（借助WebSphere® Application Server Developer Tools for Eclipse或文本编辑器）。

参考资料：

WLP在线Info Center：
http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/cwlp_about.html 【理论篇？】
http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.nd.multiplatform.doc/ae/welc6tech_wlp_thr.html 【实践篇？】

新一代轻量级应用服务器 — WebSphere Liberty Profile Server 介绍
http://www.ibm.com/developerworks/cn/websphere/library/techarticles/1207_zhuxl_liberty/1207_zhuxl_liberty.html
wasdev.net页面
https://www.ibmdw.net/wasdev/ 【WAS开发者的社区】