AEGIS.net, Inc.

triangledriprockInternet and Web Development

Aug 7, 2012 (5 years and 2 months ago)

424 views

Connect Platform Port from Sun Glassfish to IBM WebSphere


CONNECT Code
-
A
-
Thon
-

September 21
-
22, 2010

1

AEGIS.net, Inc.
-

Powerful Results. Delivered.
SM


About AEGIS


Introductions


The Mission (Why?)


The Plan (How?)


Successes/Challenges (Lessons)


CONNECT Changes (Coding/Deployment)


CONNECT Integration (Make It Official)


Incomplete Tasks (Testing!)


Demo


Open Discussion (Q&A)

AEGIS.net, Inc.
-

Powerful Results. Delivered.
SM

2


Founded in 1996


Based in Rockville, MD


ISO 9001:2008 Certified


Rated CMMI Dev v1.2 Maturity Level 3


SBA Registered Small Business


GSA Schedule 70 Contract #GS
-
35F0125S


Facilities Clearance:
DoD

Secret

AEGIS.net, Inc.
-

Powerful Results. Delivered.
SM

3

AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

4


Challenged by potential Federal/Commercial
Health IT projects requiring NHIN Gateways
which run on Production supported platforms
-

AEGIS undertook an R&D effort to evaluate the
feasibility of porting Connect 2.4.x to IBM
WebSphere.



While not 100% complete
-

the effort has
achieve an initial answer
-

Yes, Connect can run
on IBM
WebSphere
.

AEGIS.net, Inc.
-

Powerful Results. Delivered.
SM

5

AEGIS.net, Inc.
-

Powerful Results. Delivered.
SM

6

AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

7

AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

8


Entrust Certificates


Metro 1.5


Web Service Endpoint Re
-
definition


Deployment / Un
-
deployment


IBM WebSphere Installation


Environment


IBM WebSphere generates PKCS12
keystores

[P12] by default with a self
-
signed certificate
for the current machine.


CONNECT 2.4.x uses Sun Java
keystores

[JKS]


IBM JDK doesn’t like Sun Java
keystores


Need to import the Entrust certificates into
IBM Java
keystores


Implement “Configuring FIPS JSSE files”,
ensure FIPS 140
-
2 compliance

http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/c
om.ibm.websphere.nd.doc/info/ae/ae/tsec_fips.html



AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

9


Lots of forum discussions


does it or doesn’t
it work?


Yes, if you do this…


Disable IBM’s default AXIS service:

com.ibm.websphere.webservices.DisableIBMJAXWSEngine


Place the Metro libraries in your web application
deployment


WEB
-
INF/lib


Configure IBM WebSphere
Classloader

for each web
application to “Parent Last”; i.e. Application First

AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

10


The Metro 1.5 web services stack (in IBM
WebSphere) requires all endpoints definitions
in a “sun
-
jaxws.xml” configuration file


Glassfish auto
-
generates the required
artifacts

; IBM WebSphere does not


AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

11


Current deployment method uses “
wsadmin

command line tool with
jacl

script


CONNECT modules are deployed using
current order


Un
-
deployment (un
-
install) must occur in
reverse order to insure proper “clean up” of
registered web services / endpoints

AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

12


IBM WebSphere version is 7.0.0 with Fix Pack 9


Installation type is “Application Server”; i.e.
stand
-
alone


Do we need to support version 6.1.x?


Configuration and testing of other installation
types is needed

AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

13


Running on DELL PE R710 Dual Processor, 48
Gb

RAM


Windows 2003 Server x64


IBM WebSphere 7.0.0 64
-
bit, Fix pack 9


IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 amd64
-
64 jvmwa6460sr7
-
20100219_54049

AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

14


IBM vs. Sun JDK
(we’re not in Kansas anymore)


Hard
-
coded Internal Endpoint URLs


Metro 1.5 Configuration


Endpoint Configuration


WSDL File Names


Web Applications


Java Server Faces


Log4J Implementation

AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

15


Sun JDK packages not available in IBM JDK


com.sun.org.apache.xerces.internal.dom


Per Sun documentation, the internal packages should not be used
and may be removed in a future release


Solution: This package was found to be not needed as the
org.apache.xerces.dom

package provides the required classes


sun.security.x509


This is a Sun JDK only package


Solution: Re
-
code to use IBM JDK package
com.ibm.security.x509


Both issues isolated to one project and class


NhincCommonLib


gov.hhs.fha.nhinc.saml.extraction.SamlTokenExtractor

AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

16

AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

17


18 hard
-
coded endpoints in 2.4.8 code base


Example


Patient Discovery


GatewayInternalComponentProxy

project


gov.hhs.fha.nhinc.patientcorrelationfacade.helper.TransformHelper


http://localhost:
8080
/CONNECTGatewayInternal/GatewayService/Patien
tCorrelationFacadeDteService


Need a way to dynamically assign port numbers or
entire URL


e.g. use
gateway.properties


Down to 5 hard
-
coded endpoints in 3.1 code
base


AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

18


Need new entry in web.xml


<listener>


<listener
-
class>
com.sun.xml.ws.transport.http.servlet.WSServletContextListener


</listener
-
class>


</listener>


<servlet>


<servlet
-
name>
MetroLibraryPort
</servlet
-
name>


<display
-
name>
MetroLibraryService
</display
-
name>


<description>Endpoint for Metro Library Service</description>


<servlet
-
class>
com.sun.xml.ws.transport.http.servlet.WSServlet
</servlet
-
class>


<load
-
on
-
startup>1</load
-
on
-
startup>


</servlet>


<servlet
-
mapping>


<servlet
-
name>
MetroLibraryPort
</servlet
-
name>


<
url
-
pattern>/</
url
-
pattern>


</servlet
-
mapping>

AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

19


Comment or remove the servlet mappings in
“web.xml”

f潲⁡汬
the endpoints and re
-
define them in “
sun
-
jaxws.xml
µ?

<!
--

Commented
web.xml
servlet


<servlet>


<servlet
-
name>
DocumentRegistryService
</servlet
-
name>


<servlet
-
class>
gov.hhs.fha.nhinc.document.DocumentRegistryService
</servlet
-
class>


</servlet>


<servlet
-
mapping>


<servlet
-
name>
DocumentRegistryService
</servlet
-
name>


<
url
-
pattern>/
DocumentRegistry_Service
</
url
-
pattern>


</servlet
-
mapping>

--
>



<!
--

New endpoint in
sun
-
jaxws.xml

--
>

<endpoints
xmlns
="http://java.sun.com/xml/ns/jax
-
ws/ri/runtime" version="2.0">


<endpoint name="
DocumentRegistryService
"


implementation="
gov.hhs.fha.nhinc.document.DocumentRegistryService
"


url
-
pattern="/
DocumentRegistry_Service
"


wsdl
-
location="WEB
-
INF/
wsdl
/
DocumentRegistryService
/
AdapterComponentDocRegistry.wsdl
"/>




</endpoints>


AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

20


The IBM WebSphere application server does
not “like” the same named WSDL file to be
used in multiple web service endpoints.


Example from
AdapterWeb


<endpoint name="
ProxyHiemSubscribe
"


implementation="
gov.hhs.fha.nhinc.hiem.entity.proxy.ProxyHiemSubscribe
"


url
-
pattern="/
NhincProxyNotificationProducer
"


wsdl
-
location="WEB
-
INF/
wsdl
/
ProxyHiemSubscribe
/
NhincProxySubscriptionManagement.wsdl
"/>


<endpoint name="
ProxyHiemUnsubscribe
"


implementation="
gov.hhs.fha.nhinc.hiem.entity.proxy.ProxyHiemUnsubscribe
"


url
-
pattern="/
NhincProxySubscriptionManager
"


wsdl
-
location="WEB
-
INF/
wsdl
/
ProxyHiemUnsubscribe
/
NhincProxySubscriptionManagement.wsdl
"/>


AEGIS.net, Inc.
-

Powerful Results. Delivered.
SM

21


The web applications use JSF libraries of
which one, “
jsf
-
impl.jar
µ??LV?DOUHDG\?LQ?WKH?,%0?
WebSphere libraries


Current workaround to avoid this conflict is
to simply remove this library from the web
application’s WEB
-
INF/lib folder


Follow instructions on the IBM WebSphere 7
Information Center site:

http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.we
bsphere.nd.doc/info/ae/ae/ttrb_classload_jcl.html


Minor change


based on the version of Log4J
deployed in the CONNECT modules


The log class to assign is

org.apache.commons.logging.impl.Log4JLogger

AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

22

AEGIS’ Goal


Helping the CONNECT community integrate
these changes into the core product


Provide development platform(s)


Provide testing and integration


Etc.

AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

23


We are not production ready yet


This effort was a “see if it can be done”


Now that we know it can, we need to move to the
next level


Automated build process integration


Full regression testing


NHIN Conformance testing


Performance and Stress testing


24/48/96 hour Burn
-
In


Clustering


Etc.



AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

24


Stand
-
alone installation


Successful Deployment and Server Start Up


Updated
SoapUI

Tests


Gateway to Gateway (2 Servers)


WebSphere to Glassfish


WebSphere to
WebSphere

AEGIS.net, Inc.
-

Powerful Results. Delivered.SM

25


AEGIS.net, Inc.
-

Powerful Results. Delivered.
SM

26