You can deploy the sample application into the WebSphere® Application Server environment.
Before you begin
Using Enterprise Identity Mapping (EIM) identity token connection factories requires that WebSphere Application Server administrative security be enabled. However, no restrictions or limitations exist on how you choose to configure administrative security.
Before you deploy the sample application, you must enable WebSphere Application Server administrative security. This step is not required if you already have administrative security enabled for your WebSphere Application Server profile. For more information on how to configure security, see Enabling security.
About this task
The source code files that are used to implement the sample application are contained in the testIdentityToken.ear file and can be used as a model for creating your own applications.
The com.ibm.identitytoken.IdentityTokenTest class is a servlet in the sample application. After the application is deployed, the source code file for the IdentityTokenTest servlet is in this directory:
profile_root/installedApps/testIdentityToken.ear/testIdentityTokenWeb.war/WEB-INF/source/com/ibm/identityToken/IdentityTokenTest.java
Note the IdentityTokenTest servlet design features when you implement your own application.
- A profile variable with a String type and the name, sourceApplicationID, is set in the init method of the IdentityTokenTest servlet. This variable is later used with the setSourceApplicationID method of a ConnectionSpecImpl object to uniquely identify the application to Enterprise Identity Mapping (EIM). When you implement your own applications, use a similar convention to assign a unique SourceApplicationID ID.
- After an identity token is generated, it is used to create a com.ibm.as400.access.AS400 object, which is stored in an HTTPSession object immediately after the AS400 object is used to run the OS/400® server command on the selected host server. Only the AS400 object persists across requests to the server (not the IdentityToken object), which provides improved performance for subsequent requests, and the identity token does not expire.
The following steps help you deploy the sample application into the WebSphere Application Server environment.
Procedure
- Restart your application server.
- Deploy the sample application.
  - In the WebSphere Application Server administrative console, click Applications > Install applications.
  - Select Local path if you have a drive mapped to your iSeries® server. Otherwise, select Server path.
  - Specify the path name or browse to the path name for the testidentitytoken.ear enterprise archive (EAR) file. This file is found in the /QIBM/ProdData/OS400/security/eim/ directory on your server.
  - Click Next.
  - Optional: Change the virtual host values.
  - Click Next.
  - Select your installation options, and click Next.
  - Decide whether to map modules to servers and click Next.
  - Select your module in the Map resource references to resources panel and click Next.
  - Optional: Change the Java Naming and Directory Interface (JNDI) name for the eis/IdentityToken_Shared_Reference reference binding. Do this step if you configured your connection factory with a JNDI name other than eis/IdentityToken.
  - Accept the default values for the remainder of the panels and click Next.
  - On the Summary panel, click Finish.
  - Expand System administration and click Save Changes to Master Repository.
  - Click Save.
- Run the sample application.
  - In the WebSphere Application Server administrative console, click Applications > Enterprise applications.
  - Select the testIdentityToken application.
  - Click Start.
  - Open a new session of your web browser.
  - If you mapped the sample application web module to an external web server, refresh your WebSphere Application Server web server plug-in. To refresh the web server plug-in, perform the following steps:
    - Click Servers > Web servers > Web_server_name.
    - Click Generate Plug-in.
  - Specify the application welcome page from your web browser. Use the following web address:
    http://your.server.name:port/testIdentityTokenWeb/IDTknTest.jsp
    The your.server.name and port variables are the values for your external web server or internal HTTP transport (WebSphere Application Server container).
  - Specify a value for OS/400 host system name and for OS/400 command. For example, if you have EIM configured for the my_server server, specify my_server in the OS/400 host system name field. Specify crtlib my_library in the OS/400 command field.
  - Click Submit.
  - Specify a user ID and password at the login prompt. After you click Submit, the request is sent to the IdentityTokenTest servlet, which is protected by the allUsers role. The allUsers role is bound to the AllAuthenticated special subject so any user in the WebSphere Application Server user registry is authorized to access the IdentityTokenTest servlet.
  - Click OK. If you specified my_library, the response is similar to the following example:
    Library my_library created.
  - Verify that the library is created under the user profile that is mapped by EIM:
    - From a CL command line, enter wrklnk '/QSYS.LIB/my_library.lib'.
    - On the Work with Object Links screen, enter 8 in the option field to the left of my_library.lib.
    - Verify that the value of the Owner attribute for the my_library library is the user profile that is mapped by EIM.
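The run step above states that the IdentityTokenTest servlet is protected by the allUsers role. As an added check that is not part of the sample application or of this documentation, the following Python script reads a web.xml deployment descriptor and reports which roles guard each servlet mapping. The embedded descriptor is constructed: only the servlet name and the allUsers role come from this page, while the URL patterns and the Diagnostics servlet are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor. The IdentityTokenTest name and the allUsers role come
# from the page; both URL patterns and the Diagnostics servlet are assumptions.
SAMPLE_WEB_XML = """<web-app>
  <servlet-mapping><servlet-name>IdentityTokenTest</servlet-name>
    <url-pattern>/IdentityTokenTest</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>Diagnostics</servlet-name>
    <url-pattern>/diag</url-pattern></servlet-mapping>
  <security-constraint>
    <web-resource-collection><web-resource-name>token</web-resource-name>
      <url-pattern>/IdentityTokenTest</url-pattern></web-resource-collection>
    <auth-constraint><role-name>allUsers</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _kids(el, name):
    # Compare local names so namespaced (J2EE 1.4+) descriptors also parse.
    return [c for c in el if c.tag.split("}")[-1] == name]

def _texts(el, name):
    return [(c.text or "").strip() for c in _kids(el, name)]

def covers(pattern, path):
    """Servlet-spec matching for exact, '/prefix/*' and '*.ext' patterns."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path

def audit(web_xml):
    """Return {(servlet, url): sorted roles, or None when no constraint applies}."""
    root, result = ET.fromstring(web_xml), {}
    for mapping in _kids(root, "servlet-mapping"):
        for url in _texts(mapping, "url-pattern"):
            roles = None
            for sc in _kids(root, "security-constraint"):
                auth = _kids(sc, "auth-constraint")
                for wrc in _kids(sc, "web-resource-collection"):
                    # A collection listing http-method protects only those verbs,
                    # so it is not counted as protecting the mapping.
                    if auth and not _texts(wrc, "http-method") and any(
                            covers(p, url) for p in _texts(wrc, "url-pattern")):
                        roles = sorted(set(roles or []) | set(_texts(auth[0], "role-name")))
            result[(_texts(mapping, "servlet-name")[0], url)] = roles
    return result

if __name__ == "__main__":
    print(audit(SAMPLE_WEB_XML))
```

To check a real deployment, pass the contents of the web.xml file from the WEB-INF directory of the deployed testIdentityTokenWeb.war to audit(); a mapping reported as None has no role constraint at all.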