Preparing to deploy the Web Gateway with WebSphere Application Server Community Edition

Use these instructions to set up your environment before deploying the WebSphere® MQ File Transfer Edition Web Gateway enterprise application to WebSphere Application Server Community Edition. Customize the example deployment plan for your environment.

Before you begin

Before configuring or using the Web Gateway, refer to Scenarios for the Web Gateway and How the Web Gateway fits into your WebSphere MQ File Transfer Edition topology. These topics explain the purpose and components of the Web Gateway.

To check that you are using an application server version that is supported for use with the Web Gateway, refer to the web page WebSphere MQ File Transfer Edition System Requirements.

Note: The user that your application server runs as must be the same as, or in the same group as, the user that your web agent runs as.
Before starting your application server setup, complete the following tasks to prepare your WebSphere MQ environment for working with the Web Gateway.
Determine which user ID the application server uses to connect to WebSphere MQ. This user ID must be given the Set identity context permission in your WebSphere MQ environment. For example, if the application server is running as appuser1, who is a member of group appgrp, and connecting to a local WebSphere MQ queue manager called qm1 using a bindings mode connection, then run the following command:
setmqaut -m qm1 -g appgrp +setid -t qmgr
You must also give the user ID the Set identity context permission on the web agent command queue. For example, if the application server is running as appuser1, who is a member of group appgrp, and the web agent is called WEBAGENT and it connects to a local WebSphere MQ queue manager called qm2 using a bindings mode connection, then run the following command:
setmqaut -m qm2 -g appgrp +setid -t queue -n SYSTEM.FTE.COMMAND.WEBAGENT

About this task

WebSphere Application Server Community Edition can be obtained from the following web page: http://www.ibm.com/software/webservers/appserv/community

Before deploying the Web Gateway application, you must set up the dependent components. These components are the WebSphere MQ resource adaptor, a database written to by a WebSphere MQ File Transfer Edition database logger, a database connector, and a security realm. You must also update the web.xml file and the deployment plan for your environment.

The Web Gateway also requires a WebSphere MQ File Transfer Edition web agent installed on the same system as the application and run as the same user, or a user in the same group, as the application server. For instructions on how to create and configure this agent, see fteCreateWebAgent (create a WebSphere MQ File Transfer Edition web agent).

Procedure

  1. Deploy the WebSphere MQ resource adapter. If your WebSphere Application Server Community Edition instance is running on the same system as the WebSphere MQ queue manager that you want to connect to, see Deploying the WebSphere MQ resource adapter on the same system as the application server. If your WebSphere Application Server Community Edition instance is running on a different system from the WebSphere MQ queue manager that you want to connect to, see Deploying the WebSphere MQ resource adapter on a different system from the application server.
  2. Define a database connector to connect to the log database. For more information, see Defining a database connector to connect to the log database.
  3. Define a database connector to connect to the file space database. For more information, see Defining a database connector to connect to the file space database.
  4. Define a security realm. For more information, see Defining a security realm.
  5. Update the web.xml file. For more information, see Updating the web.xml file.
  6. Update the openejb-jar.xml file. For more information, see Updating the openejb-jar.xml to configure the Web Gateway to use file spaces.
  7. If you must deploy the Web Gateway in a non-default environment or are using your own security realm, you must either update the supplied deployment plan or provide a separate deployment plan. For more information, see Update the deployment plan.
  8. Optional: If you want to deploy the Web Gateway administrative console in a non-default environment, update the supplied deployment plan in the com.ibm.wmqfte.web.admin.war file. For more information, see Update the deployment plan for the administrative console.

Results

You can now deploy the Web Gateway EAR file to the application server. Carry out the steps in the topic Deploying the Web Gateway with WebSphere Application Server Community Edition.

Deploying the WebSphere MQ resource adapter on the same system as the application server

About this task

If your WebSphere Application Server Community Edition instance is running on the same system as the WebSphere MQ queue manager that you want to connect to, perform the following steps to deploy the WebSphere MQ resource adapter.

Procedure

  1. Create a plan file that defines a connection to the queue manager of the source agent. The following example plan file defines a connection to a queue manager called QM_JUPITER.
    <?xml version="1.0" encoding="UTF-8"?> 
    <connector xmlns="http://geronimo.apache.org/xml/ns/j2ee/connector">
      <resourceadapter>
        <resourceadapter-instance>
          <resourceadapter-name>WMQ</resourceadapter-name>
          <workmanager>
            <gbean-link>DefaultWorkManager</gbean-link>
          </workmanager>
        </resourceadapter-instance>
        <outbound-resourceadapter>
          <connection-definition>
            <connectionfactory-interface>
                    javax.jms.ConnectionFactory
            </connectionfactory-interface>
            <connectiondefinition-instance>
              <name>jms/WMQFTEWebAgentConnectionFactory</name>
              <config-property-setting name="queueManager">
                         QM_JUPITER
              </config-property-setting>
              <config-property-setting name="transportType">
                          BINDINGS
              </config-property-setting>
              <connectionmanager>
                <no-transaction />
                <no-pool/>
              </connectionmanager>
            </connectiondefinition-instance>
          </connection-definition>
        </outbound-resourceadapter>
      </resourceadapter>
    </connector>
    To use this plan file in your environment, change QM_JUPITER to the name of the queue manager of your source agent. The sections of the XML file that must be edited are highlighted in bold typeface.
  2. Open the WebSphere Application Server CE administration console.
  3. From the Common Console Actions list on the Welcome page, click Deploy New Applications > Deploy New.
  4. In the Archive field, type mq-install-root/java/lib/jca/wmq.jmsra.rar
  5. In the Plan field, type the path to the plan file you created in Step 1.
  6. Optional: If you receive the following error: HTTP Status 403 - The request body was too large to be cached during the authentication process, you must increase the maximum post size. On the WebSphere Application Server CE administration console click Server > Web Server > Tomcat Web Connector > Edit and change the value of maxPostSize to -1 (unlimited).

What to do next

Next define a database connector to connect to the log database. For more information, see Defining a database connector to connect to the log database.

Deploying the WebSphere MQ resource adapter on a different system from the application server

About this task

If your WebSphere Application Server Community Edition instance is running on a different system from the WebSphere MQ queue manager that you want to connect to, perform the following steps to deploy the WebSphere MQ resource adapter.

Procedure

  1. Create a plan file that defines a connection to the queue manager of the source agent. The following example plan file defines a connection to a queue manager, QM_SATURN, that is located on a different system to your WebSphere Application Server Community Edition installation. The host name of QM_SATURN is saturn.example.com. The port of QM_SATURN is 1415. The channel of QM_SATURN is SYSTEM.DEF.SVRCONN.
    <?xml version="1.0" encoding="UTF-8"?>
    <connector xmlns="http://geronimo.apache.org/xml/ns/j2ee/connector">
      <resourceadapter>
        <resourceadapter-instance>
          <resourceadapter-name>WMQ</resourceadapter-name>
          <workmanager>
            <gbean-link>DefaultWorkManager</gbean-link>
          </workmanager>
        </resourceadapter-instance>
        <outbound-resourceadapter>
          <connection-definition>
            <connectionfactory-interface>
                        javax.jms.ConnectionFactory
            </connectionfactory-interface>
            <connectiondefinition-instance>
              <name>jms/WMQFTEWebAgentConnectionFactory</name>
              <config-property-setting name="channel">
                          SYSTEM.DEF.SVRCONN
              </config-property-setting>
              <config-property-setting name="queueManager">
                          QM_SATURN
              </config-property-setting>
              <config-property-setting name="hostName">
                          saturn.example.com
              </config-property-setting>
              <config-property-setting name="port">
                          1415
              </config-property-setting>
              <config-property-setting name="transportType">
                          CLIENT
              </config-property-setting>
              <connectionmanager>
                <no-transaction />
                <no-pool/>
              </connectionmanager>
            </connectiondefinition-instance>
          </connection-definition>
        </outbound-resourceadapter>
      </resourceadapter>
    </connector>
    To use this plan file in your environment change QM_SATURN to the name of the queue manager of your source agent. Change the value of the host name, port, and channel to the values for the queue manager of your source agent. The sections of the XML file that must be edited are highlighted in bold typeface.
  2. Copy the file mq-install-root/java/lib/jca/wmq.jmsra.rar from the system where WebSphere MQ is installed to the system where WebSphere Application Server Community Edition is installed.
  3. Open the WebSphere Application Server Community Edition administration console.
  4. From the Common Console Actions list on the Welcome page, click Deploy New Applications > Deploy New.
  5. In the Archive field, type the path to the copy of the wmq.jmsra.rar file that you obtained.
  6. In the Plan field, type the path to the plan file you created.
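
A pre-deployment check for the two resource adapter plan files described above, as an added example that is not part of the IBM documentation or product: it parses a plan and reports settings that are missing for the chosen transportType or that still carry this page's sample values. The function names and the values FTEQM1 and mq01.internal.example are constructed for the illustration.

```python
import xml.etree.ElementTree as ET

NS = {"c": "http://geronimo.apache.org/xml/ns/j2ee/connector"}
CLIENT_ONLY = ("hostName", "port", "channel")
# Sample values from this page's example plans; replace them before deploying.
DOC_SAMPLE_VALUES = {"QM_JUPITER", "QM_SATURN", "saturn.example.com"}


def read_settings(plan_xml):
    """Return {connection name: {property name: trimmed value}} from a plan."""
    root = ET.fromstring(plan_xml.strip())
    settings = {}
    for inst in root.iterfind(".//c:connectiondefinition-instance", NS):
        name = inst.findtext("c:name", default="", namespaces=NS).strip()
        settings[name] = {
            s.get("name"): (s.text or "").strip()
            for s in inst.iterfind("c:config-property-setting", NS)
        }
    return settings


def check_plan(plan_xml):
    """Return a sorted list of findings; an empty list means nothing was flagged."""
    findings = []
    for name, props in read_settings(plan_xml).items():
        transport = props.get("transportType", "")
        if not props.get("queueManager"):
            findings.append(f"{name}: queueManager is missing")
        if transport not in ("CLIENT", "BINDINGS"):
            findings.append(
                f"{name}: transportType must be CLIENT or BINDINGS, got {transport!r}"
            )
        elif transport == "CLIENT":
            # A client connection needs the network coordinates of the queue manager.
            for key in CLIENT_ONLY:
                if not props.get(key):
                    findings.append(f"{name}: {key} is required for CLIENT transport")
            port = props.get("port", "")
            if port and not (port.isdecimal() and 1 <= int(port) <= 65535):
                findings.append(f"{name}: port {port!r} is not a valid TCP port")
        else:
            # Bindings mode is local, so leftover network settings suggest a mix-up.
            for key in CLIENT_ONLY:
                if key in props:
                    findings.append(f"{name}: {key} is set but transportType is BINDINGS")
        for key, value in props.items():
            if value in DOC_SAMPLE_VALUES:
                findings.append(
                    f"{name}: {key} still has the documentation sample value {value}"
                )
    return sorted(findings)


def sample_plan(**props):
    """Build a constructed plan for testing (not a file shipped with the product)."""
    body = "".join(
        f'<config-property-setting name="{k}">\n  {v}\n</config-property-setting>'
        for k, v in props.items()
    )
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<connector xmlns="http://geronimo.apache.org/xml/ns/j2ee/connector">'
        "<resourceadapter><outbound-resourceadapter><connection-definition>"
        "<connectiondefinition-instance>"
        "<name>jms/WMQFTEWebAgentConnectionFactory</name>"
        f"{body}"
        "</connectiondefinition-instance></connection-definition>"
        "</outbound-resourceadapter></resourceadapter></connector>"
    )


if __name__ == "__main__":
    # Constructed input: a CLIENT plan with no channel and an unchanged sample name.
    plan = sample_plan(queueManager="QM_SATURN", transportType="CLIENT",
                       hostName="mq01.internal.example", port="1415")
    for finding in check_plan(plan):
        print(finding)
```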

What to do next

Next define a database connector to connect to the log database. For more information, see Defining a database connector to connect to the log database.

Defining a database connector to connect to the log database

Before you begin

For transfer status information, the Web Gateway application requires access to a database written by a WebSphere MQ File Transfer Edition database logger. Before defining a database connector to this database, you must first set up the database and database logger. For instructions on how to set up the database and use the database logger application, see the topic Configuring a WebSphere MQ File Transfer Edition logger.

About this task

To access this database from within a WebSphere Application Server Community Edition environment, a database connector must be defined. To define a database connector, perform the following steps from the WebSphere Application Server Community Edition administration console:

Procedure

  1. Depending on the level of WebSphere Application Server Community Edition that you are using, from the Console Navigation either select Services > Database Pools, or select Resources > Datasources.
  2. Create a database pool using the Geronimo database pool wizard. In the Name of Database Pool field, type jdbc/wmqfte-database.
  3. For the Database Type select either DB2 XA or Oracle Thin, as appropriate for your database.
  4. Click Next.
  5. In the Driver jar field, select the appropriate jar file for your database.
  6. In the Database Name field, type the name of the database you are connecting to for transfer status information.
  7. In the User Name field, type the user name for connecting to and authenticating with your database.
  8. In the Password and Confirm Password fields, type the password for authenticating with your database.
  9. In the Server Name field, type the host name or IP address of the host that the database driver needs to connect to.
  10. In the Port Number field, type the port number you are using if it is not the default port.
  11. Ensure that the value for Driver Type is 4.
  12. Select XA from the Transaction Type list.
  13. Click Deploy.

What to do next

Next define a database connector to connect to the file space database. For more information, see Defining a database connector to connect to the file space database.

Defining a database connector to connect to the file space database

Before you begin

Before you define this database connector you must create the database and tables that the Web Gateway requires to work with file spaces. For more information, see Setting up a database for use with file spaces.

About this task

The Web Gateway application requires access to a database, to store information about the user file spaces that you create and use. This database can be the same database as the database used by the WebSphere MQ File Transfer Edition database logger, which is referred to in Defining a database connector to connect to the log database. Even if you use the same database for your file space information, you must create a second database connector as described in the following steps. To define a database connector, perform the following steps from the WebSphere Application Server Community Edition console:

Procedure

  1. Depending on the level of WebSphere Application Server Community Edition that you are using, from the Console Navigation either select Services > Database Pools, or select Resources > Datasources.
  2. Create a database pool using the Geronimo database pool wizard. In the Name of Database Pool field, type jdbc/wmqfte-filespace.
  3. For the Database Type select either DB2 XA or Oracle Thin, as appropriate for your database.
  4. Click Next.
  5. In the Driver jar field, select the appropriate jar file for your database.
  6. In the Database Name field, type the name of the database you are connecting to for file space information.
  7. In the User Name field, type the user name for connecting to and authenticating with your database.
  8. In the Password and Confirm Password fields, type the password for authenticating with your database.
  9. In the Port Number field, type the port number you are using if it is not the default port.
  10. Ensure that the value for Driver Type is 4.
  11. Select XA from the Transaction Type list.
  12. Click Deploy.

What to do next

Next define a security realm. For more information, see Defining a security realm.

Defining a security realm

About this task

By default, for the Web Gateway application, a security realm called WMQFTESecurityRealm is required. Define the realm with groups named administrators, employees, and managers. Define at least one user for each group. To define a security realm, from the WebSphere Application Server Community Edition administration console:

Procedure

  1. Select Security > Security Realms from the Console Navigation.
  2. On the panel that is displayed, click Add new security realm.
  3. In the Name of Security Realm field, type WMQFTESecurityRealm.
  4. For the Realm Type:
    • If a simple setup is required then perform the following steps:
      1. Create a file that contains user and password information. The format of each line is username=password. For example,
        fteadmin=password1
        fteuser=password2
      2. Create a file that contains group information. The format of each line is group=user,user. For example,
        administrators=fteadmin
        employees=fteadmin,fteuser
        managers=fteuser
      3. For the Realm Type, select Properties File Realm and click Next.
      4. Enter the required information in the following fields.
        Users File URI
        The location of the properties file, created in Step 4a, that contains user and password information. Path separators must be specified as a forward slash (/) character on all platforms. The path to this file is relative to the WebSphere Application Server Community Edition installation directory.
        Groups File URI
        The location of a properties file, created in Step 4b, that contains group information. Path separators must be specified as a forward slash (/) character on all platforms. The path to this file is relative to the WebSphere Application Server Community Edition installation directory.
        Digest Algorithm
        The message digest algorithm used on the passwords. Example values are MD5 and SHA1. Leave this field empty for a simple setup or if no digest algorithm is used.
        Digest Encoding
        The encoding to use for digest algorithms. Example values are hex and base64. This value is only used if a Digest Algorithm is specified. If no encoding is specified, hex is used.
      5. Click the Next button. The Advanced Configuration panel is displayed. Leave the check boxes clear.
      6. Click the Test a login button. On the Test a login panel, enter a valid user name and password for one of the users specified in the file that you defined in the Users File URI field. Click the Next button.
      7. On the panel that is displayed, click the Deploy Realm button.
    • If a more advanced setup is required, see the information in the WebSphere Application Server Community Edition documentation.

What to do next

Next update the web.xml file. For more information, see Updating the web.xml file.

Updating the web.xml file

About this task

Update the WebSphere MQ File Transfer Edition Web Gateway application web.xml file for your environment, using a Java™ SDK jar utility to complete the following steps:

Procedure

  1. Extract the Web Gateway application from the supplied EAR file, com.ibm.wmqfte.web.ear, by running the following command:
    jar -xf com.ibm.wmqfte.web.ear com.ibm.wmqfte.web.war
    The EAR file is located in the install-directory/web directory of the WebSphere MQ File Transfer Edition Server installation.
  2. Extract the WEB-INF/web.xml file from the previously extracted Web Gateway application, com.ibm.wmqfte.web.war, by running the following command:
    jar -xf com.ibm.wmqfte.web.war WEB-INF/web.xml
  3. Use a text editor to edit the extracted WEB-INF/web.xml. Change the following parameters:
    agentName
    Required. The name of the web agent that acts as the source for transfers initiated by the Web Gateway. This agent must be installed on the same system as the application server where you are deploying the Web Gateway application and run as the same user, or a user in the same group, as the application server. For information about how to create this agent, see the topic: fteCreateWebAgent (create a WebSphere MQ File Transfer Edition web agent).

    The agent name is not case-sensitive and must conform to the WebSphere MQ object naming conventions. For more information, see Object naming conventions for WebSphere MQ File Transfer Edition.

    coordinationQMgr
    Required. The name of the coordination queue manager that is used by the Web Gateway for logging of transfer information.
    fileSpaceRoot
    Optional. The root directory path for file spaces created and managed by the Web Gateway. Each file space is located in a subdirectory, under this root directory, with the same name as the file space. If you leave the value of this parameter blank, the application server home directory is used as the default file space root. If you change the value of this parameter after creating file spaces, the location of those file spaces will remain unchanged.
    webGatewayName
    Required. The name of the Web Gateway that you are deploying.

    The name of the Web Gateway is not case-sensitive and must conform to the WebSphere MQ object naming conventions. For more information, see Object naming conventions for WebSphere MQ File Transfer Edition.

    tempFileUploadDir
    Optional. The directory path for the storage of temporary files related to transfers initiated by the Web Gateway. The upload directory for temporary files is used to temporarily store files when they are uploaded to the Web Gateway. When the upload to the Web Gateway is complete, the web agent transfers the files from the upload directory for temporary files to the destination agent. If you do not provide a value for this parameter, the application server temporary directory (the value of java.io.tmpdir) is used.
    maxTempFileUploadSpace
    Optional. The maximum amount of space, in MB, that a user is allowed for storing temporary files related to Web Gateway-initiated transfers. When a user uploads files to an agent they are temporarily stored on the file system until they have been transferred. This parameter can be used to limit the amount of space an upload user can use at any one time. If you do not provide a value for this parameter, the amount of temporary file storage available to a user is unlimited.
    defaultMQMDUserID
    You must map user names to MQMD user IDs. If you do not do this, users cannot perform file transfers using the Web Gateway. There are two ways to map users to MQMD user IDs. You must perform one or both of the following actions:
  4. Update the Web Gateway application with the modified WEB-INF/web.xml, by running the following command:
    jar -uf com.ibm.wmqfte.web.war WEB-INF/web.xml
  5. Update the supplied ear file with the updated Web Gateway application, by running the following command:
    jar -uf com.ibm.wmqfte.web.ear com.ibm.wmqfte.web.war

What to do next

Next update the openejb-jar.xml file. For more information, see Updating the openejb-jar.xml to configure the Web Gateway to use file spaces.

Updating the openejb-jar.xml to configure the Web Gateway to use file spaces

About this task

If you want to use the file space functionality of the Web Gateway, update the WebSphere MQ File Transfer Edition Web Gateway application openejb-jar.xml file for your environment. Use a Java SDK jar utility to complete the following steps:

Procedure

  1. Extract the EJB jar file from the supplied EAR file, com.ibm.wmqfte.web.ear, by running the following command:
    jar -xf com.ibm.wmqfte.web.ear com.ibm.wmqfte.web.mdb.jar
    The EAR file is located in the install-directory/web directory of the WebSphere MQ File Transfer Edition Server installation.
  2. Extract the META-INF/openejb-jar.xml file from the previously extracted EJB jar file, com.ibm.wmqfte.web.mdb.jar, by running the following command:
    jar -xf com.ibm.wmqfte.web.mdb.jar META-INF/openejb-jar.xml
  3. Use a text editor to edit the extracted META-INF/openejb-jar.xml file. Change the following activation-config-property values to match your environment:
    queueManager
    The name of the WebSphere MQ queue manager that is used by the web agent.
    hostName
    The host name to use to connect to the specified WebSphere MQ queue manager.
    transportType
    The connection method used to communicate with the specified WebSphere MQ queue manager. The value of this property can be either CLIENT or BINDINGS.
    port
    The port to use to connect to the specified WebSphere MQ queue manager. This property is only required if the transportType is set to CLIENT.
    channel
    The server channel to use to connect to the specified WebSphere MQ queue manager. This property is only required if the transportType is set to CLIENT.
    destination
    The name of the WebSphere MQ File Transfer Edition Web Gateway queue that is used by the Web Gateway. For example, if your Web Gateway is called JUPITER.GATEWAY, set this property to SYSTEM.FTE.WEB.JUPITER.GATEWAY.
  4. Update the EJB jar file with the modified META-INF/openejb-jar.xml file, by running the following command:
    jar -uf com.ibm.wmqfte.web.mdb.jar META-INF/openejb-jar.xml
  5. Update the supplied ear file with the updated EJB jar file, by running the following command:
    jar -uf com.ibm.wmqfte.web.ear com.ibm.wmqfte.web.mdb.jar

What to do next

Next update the deployment plan. For more information, see Update the deployment plan.

Update the deployment plan

About this task

If you must deploy the Web Gateway for a non-default environment or are using your own security realm, you must either update the supplied deployment plan or provide a separate deployment plan. The supplied deployment plan is in the Web Gateway application file com.ibm.wmqfte.web.war, in the file WEB-INF/geronimo-web.xml. Update the supplied deployment plan for your environment, using a Java SDK jar utility to complete the following steps:

Procedure

  1. Extract the Web Gateway application from the supplied EAR file, com.ibm.wmqfte.web.ear, by running the following command:
    jar -xf com.ibm.wmqfte.web.ear com.ibm.wmqfte.web.war
    The EAR file is located in the install-directory/web directory of the WebSphere MQ File Transfer Edition Server installation.
  2. Extract the WEB-INF/geronimo-web.xml file from the previously extracted Web Gateway application, com.ibm.wmqfte.web.war, by running the following command:
    jar -xf com.ibm.wmqfte.web.war WEB-INF/geronimo-web.xml
  3. Use a text editor to edit the extracted WEB-INF/geronimo-web.xml. The following example deployment plan shows a sample security configuration for WebSphere Application Server Community Edition:
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <!--  Licensed Materials - Property of IBM  Copyright IBM Corp. 2010, 2018. All Rights Reserved.
          US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.   -->
    <web:web-app xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-2.0" 
                 xmlns:client="http://geronimo.apache.org/xml/ns/j2ee/application-client-2.0" 	
                 xmlns:conn="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2" 	
                 xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" 
                 xmlns:ejb="http://openejb.apache.org/xml/ns/openejb-jar-2.2" 	
                 xmlns:name="http://geronimo.apache.org/xml/ns/naming-1.2" 
                 xmlns:pers="http://java.sun.com/xml/ns/persistence" 	
                 xmlns:pkgen="http://openejb.apache.org/xml/ns/pkgen-2.1" 
                 xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0" 	
                 xmlns:web="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"> 	
      <dep:environment> 		
        <dep:moduleId>
          <dep:groupId>ibm</dep:groupId> 			
          <dep:artifactId>com.ibm.wmqfte.web.war</dep:artifactId>
          <dep:version>7.0.4.6</dep:version> 			
          <dep:type>car</dep:type>
        </dep:moduleId>
        <dep:dependencies>
          <dep:dependency>
            <dep:artifactId>wmq.jmsra.rar</dep:artifactId> 				
            <dep:type>rar</dep:type> 			
          </dep:dependency> 		
        </dep:dependencies>
      </dep:environment>
      <web:context-root>/wmq</web:context-root>
      <!--      Sample security configuration for WAS CE deployment               -->
      <!-- With the following settings, WAS must be configured as follows:        -->
      <!-- 1 - A security realm must be defined called 'WMQFTESecurityRealm'      -->
      <!-- 2 - For each group add a <sec:principal> element into each <sec:role>  -->
      <!--     for the roles required for that group.  For example:               -->
      <!--  <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="[Group Name]"/> --> 	 	
      <web:security-realm-name>WMQFTESecurityRealm</web:security-realm-name>
      <sec:security>
        <sec:role-mappings>
          <sec:role role-name="wmqfte-admin">
            <!-- Add groups here that are to have the highest administration roles -->        
            <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" 
                           name="administrators"/>
          </sec:role>
          <sec:role role-name="wmqfte-filespace-create">
            <!-- Add groups here that are to have the ability to create a file space  -->        
            <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" 
                           name="managers"/>                 
            <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" 
                           name="administrators"/>
          </sec:role>
          <sec:role role-name="wmqfte-filespace-modify">
            <!-- Add groups here that are to have the ability to modify properties of a file space  -->        
            <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" 
                           name="managers"/>
            <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" 
                           name="administrators"/>
          </sec:role>
          <sec:role role-name="wmqfte-filespace-permissions">
            <!-- Add groups here that are to have the ability to modify the user permissions of a file space  -->
            <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" 
                           name="managers"/>
            <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" 
                           name="employees"/>
          </sec:role>
          <sec:role role-name="wmqfte-filespace-delete">
            <!-- Add groups here that are to have the ability to delete a file space  -->
            <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" 
                           name="administrators"/>
          </sec:role>
          <sec:role role-name="wmqfte-agent-upload">
            <!-- Add groups here that are to have the ability to upload a file to a file space  -->
            <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
                           name="employees"/>
          </sec:role>
          <sec:role role-name="wmqfte-filespace-user">
            <!-- Add groups here that are to have the ability to view information from a file space  -->                 
            <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" 
                           name="employees"/>
          </sec:role>                          
          <sec:role role-name="wmqfte-audit">
            <!-- Add groups here that are to have the ability to view information from the transfer logs  -->                 
            <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" 
                           name="employees"/>             
          </sec:role>                      
        </sec:role-mappings>     
      </sec:security>
    </web:web-app> 

    Add groups into the sections of the XML file highlighted in bold typeface to give the groups permission to perform certain actions. For more information about Web Gateway roles, see the topic User roles for the Web Gateway.

    If you are using your own security realm, update the deployment plan web:security-realm-name element to reference that realm and update the roles to reference a group name that is defined for the realm.
  4. Optional: If you want to use a non-default context root for your Web Gateway, you can edit the <web:context-root> element in the WEB-INF/geronimo-web.xml file.
  5. Update the Web Gateway application with the modified WEB-INF/geronimo-web.xml, by running the following command:
    jar -uf com.ibm.wmqfte.web.war WEB-INF/geronimo-web.xml
  6. Update the supplied EAR file with the updated Web Gateway application, by running the following command:
    jar -uf com.ibm.wmqfte.web.ear com.ibm.wmqfte.web.war
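
A check to run on the edited WEB-INF/geronimo-web.xml before the jar -uf steps, added here as an example and not part of the IBM documentation: it parses the plan, lists the groups each role is mapped to, and compares them with the assignments you intended. The sample plan, the EXPECTED mapping and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace URIs as declared in the deployment plan on this page.
NS = {"web": "http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1",
      "sec": "http://geronimo.apache.org/xml/ns/security-2.0"}
GROUP = "org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"

# Constructed samples: a cut-down plan in which wmqfte-filespace-delete was widened
# to "employees" and wmqfte-agent-upload lost its group, plus the intended mapping.
SAMPLE_PLAN = f"""<web:web-app xmlns:web="{NS['web']}" xmlns:sec="{NS['sec']}">
  <web:security-realm-name>WMQFTESecurityRealm</web:security-realm-name>
  <sec:security><sec:role-mappings>
    <sec:role role-name="wmqfte-filespace-delete">
      <sec:principal class="{GROUP}" name="administrators"/>
      <sec:principal class="{GROUP}" name="employees"/>
    </sec:role>
    <sec:role role-name="wmqfte-audit">
      <sec:principal class="{GROUP}" name="employees"/>
    </sec:role>
    <sec:role role-name="wmqfte-agent-upload"/>
  </sec:role-mappings></sec:security>
</web:web-app>"""
EXPECTED = {"wmqfte-filespace-delete": ["administrators"],
            "wmqfte-audit": ["employees"], "wmqfte-agent-upload": ["employees"]}

def role_mappings(plan_text):
    """Return (realm name, {role-name: sorted group names}) for a plan."""
    root = ET.fromstring(plan_text)  # ParseError here means the edit broke the XML
    realm = root.findtext("web:security-realm-name", default="", namespaces=NS)
    roles = {}
    for role in root.iterfind(".//sec:role-mappings/sec:role", NS):
        roles[role.get("role-name")] = sorted(
            p.get("name") for p in role.iterfind("sec:principal", NS)
            if p.get("class") == GROUP)
    return realm, roles

def review(plan_text, expected):
    """List (role, problem, groups) wherever the plan differs from `expected`."""
    _, roles = role_mappings(plan_text)
    findings = []
    for role in sorted(set(roles) | set(expected)):
        have, want = set(roles.get(role, [])), set(expected.get(role, []))
        if have - want:
            findings.append((role, "unexpected group", sorted(have - want)))
        if want - have:
            findings.append((role, "missing group", sorted(want - have)))
    return findings

if __name__ == "__main__":
    print(review(SAMPLE_PLAN, EXPECTED))
```

For a real plan, pass the text of the extracted WEB-INF/geronimo-web.xml file and your own expected mapping; an empty result means the plan grants exactly the groups you listed.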

What to do next

Next, if you are using a non-default context root, update the deployment plan. For more information, see Update the deployment plan for the administrative console.

Update the deployment plan for the administrative console

About this task

You can use the Web Gateway administrative console to manage file spaces and user mappings from a web browser. For more information, see Web Gateway administrative console.

If you want to deploy the Web Gateway administrative console with a non-default context root, you must update the supplied deployment plan to contain the non-default context root. The supplied deployment plan is in the administrative console application file com.ibm.wmqfte.web.admin.war, in the file WEB-INF/geronimo-web.xml. Update the supplied deployment plan for your environment, using a Java SDK jar utility to complete the following steps:

Procedure

  1. Extract the administrative console application from the supplied EAR file, com.ibm.wmqfte.web.ear, by running the following command:
    jar -xf com.ibm.wmqfte.web.ear com.ibm.wmqfte.web.admin.war
    The EAR file is located in the install-directory/web directory of the WebSphere MQ File Transfer Edition Server installation.
  2. Extract the WEB-INF/geronimo-web.xml file from the previously extracted administrative console application, com.ibm.wmqfte.web.admin.war, by running the following command:
    jar -xf com.ibm.wmqfte.web.admin.war WEB-INF/geronimo-web.xml
  3. Use a text editor to edit the extracted WEB-INF/geronimo-web.xml. The following example deployment plan shows a sample security configuration for WebSphere Application Server Community Edition:
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <!--  Licensed Materials - Property of IBM  Copyright IBM Corp. 2010, 2018. All Rights Reserved.
          US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.   -->
    <web:web-app xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-2.0" 
                 xmlns:client="http://geronimo.apache.org/xml/ns/j2ee/application-client-2.0" 	
                 xmlns:conn="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2" 	
                 xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" 
                 xmlns:ejb="http://openejb.apache.org/xml/ns/openejb-jar-2.2" 	
                 xmlns:name="http://geronimo.apache.org/xml/ns/naming-1.2" 
                 xmlns:pers="http://java.sun.com/xml/ns/persistence" 	
                 xmlns:pkgen="http://openejb.apache.org/xml/ns/pkgen-2.1" 
                 xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0" 	
                 xmlns:web="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"> 	
      <dep:environment> 		
        <dep:moduleId>
          <dep:groupId>ibm</dep:groupId> 			
          <dep:artifactId>com.ibm.wmqfte.web.admin.war</dep:artifactId>
          <dep:version>7.0.3.0</dep:version> 			
          <dep:type>car</dep:type>
        </dep:moduleId>
      </dep:environment>
      <web:context-root>/wmqfteconsole</web:context-root>
      <web:security-realm-name>WMQFTESecurityRealm</web:security-realm-name>
    </web:web-app> 

    Edit the text in the XML file that is highlighted in bold typeface to change the context root of the administrative console.

  4. Update the Web Gateway application with the modified WEB-INF/geronimo-web.xml, by running the following command:
    jar -uf com.ibm.wmqfte.web.admin.war WEB-INF/geronimo-web.xml
  5. Update the supplied EAR file with the updated Web Gateway application, by running the following command:
    jar -uf com.ibm.wmqfte.web.ear com.ibm.wmqfte.web.admin.war

Last updated: Tuesday, 30 January 2018
http://www.ibm.com/support/knowledgecenter/SSEP7X_7.0.4/com.ibm.wmqfte.doc/web_was_ce_prep.htm