Installing application(EAR/WAR) thru wsadmin

Posted By Sagar Patil

The isAppReady command returns a value of true if the system is ready to start the application, or a value of false if the system is not ready to start the application, as the following examples display:

[was61@waslogs]$ /opt/IBM/WebSphere/AppServer/profiles/Profile01/dmgr/bin/wsadmin.sh -conntype SOAP -lang jython
WASX7209I: Connected to process “dmgr” on node Prod_Node_Manager using SOAP connector;  The type of process is: DeploymentManagerWASX7031I: For help, enter: “print Help.help()”
wsadmin>AdminApp.isAppReady(‘application1′);

ADMA5071I: Distribution status check started for application prpc_j2ee14.
WebSphere:cell=Prod_Node_Cell,node=Prod_Node_Node01,distribution=true,expansion=notprocessing
ADMA5011I: The cleanup of the temp directory for application prpc_j2ee14 is complete.
ADMA5072I: Distribution status check completed for application prpc_j2ee14.
‘true’

getDeployStatus command to display additional information about the binary file expansion status, as the following examples display:

[was61@Prod_Node waslogs]$ /opt/IBM/WebSphere/AppServer/profiles/Profile01/dmgr/bin/wsadmin.sh -conntype SOAP -lang jython
WASX7209I: Connected to process “dmgr” on node Prod_Node_Manager using SOAP connector;  The type of process is: DeploymentManager
wsadmin>AdminApp.getDeployStatus(‘application1′);
ADMA5071I: Distribution status check started for application application.
WebSphere:cell=Prod_Node_Cell,node=Prod_Node_Node01,distribution=true,expansion=notprocessing
ADMA5011I: The cleanup of the temp directory for application application is complete.
ADMA5072I: Distribution status check completed for application application.
‘WebSphere:cell=Prod_Node_Cell,node=Prod_Node_Node01,distribution=true,expansion=notprocessing’

Let’s deploy an Application called “application1″

1. wsadmin>AdminApp.update(‘application1′, ‘app’, ‘[-operation update -contents /tmp/Application1.ear -usedefaultbindings -nodeployejb ]‘);

ADMA0073W: Custom permissions are found in the [(com.ibm.websphere.security.WebSphereRuntimePermission AdminPermission), (com.ibm.oti.shared.SharedClassPermission

// One cannot grant permissions to code outside of the deployed application via the WAS policy
ADMA5017I: Uninstallation of Application1 started.
ADMA5104I: The server index entry for WebSphere:cell=server_Cell,node=server_Node01 is updated successfully.
ADMA5106I: Application Application1 uninstalled successfully.
ADMA5016I: Installation of Application1 started.
ADMA5001I: The application binaries are saved in /opt/IBM/WebSphere/AppServer/profiles/Profile01/dmgr/wstemp/Script12b3ee78983/workspace/cells/server_Cell/applications/Application1.ear/Application1.ear
ADMA5005I: The application Application1 is configured in the WebSphere Application Server repository.
SECJ0400I: Successfuly updated the application Application1 with the appContextIDForSecurity information.
ADMA5011I: The cleanup of the temp directory for application Application1 is complete.
ADMA5013I: Application Application1 installed successfully.

2. wsadmin>AdminConfig.save();


wsadmin>AdminApp.update('prpc_j2ee14', 'app', '[-operation update -contents /tmp/prpc_j2ee14.ear -usedefaultbindings -nodeployejb ]‘);
ADMA0073W: Custom permissions are found in the [(com.ibm.websphere.security.WebSphereRuntimePermission AdminPermission), (com.ibm.oti.shared.SharedClassPermission com.pega.pegarules.internal.bootstrap.PRBaseLoader read,write), (com.ibm.oti.shared.SharedClassPermission com.pega.pegarules.bootstrap.loader.PRAppLoader read,write), (com.ibm.oti.shared.SharedClassPermission com.pega.jasper.PegaURLClassLoader read,write), (com.ibm.websphere.security.WebSphereRuntimePermission accessRuntimeClasses)] policy file. Custom permissions can compromise the integrity of Java 2 Security.
WASX7327I: Contents of was.policy file:
// was.policy
// $Id: was.policy,v 1.1.4.1 2008/05/16 19:26:53 olsok Exp $
// ============================================================================
// 16-May-08    olsok           Bug-14175       always enable SharedClassPermission
//                                                                              enable ManagementPermission for JVM memory monitoring
// 08-Jun-07    olsok           Code-323        update for PegaRULES 5.4
// 15-Nov-05    ablal           R-18775         moved moved connectorComponent permissions into ra1-5.xml
//                                                                              after installing WS 6.0.2.3
// 14-Sep-05    GajnJ                                   Add write/delete privileges for the root temp dir
// 15-Aug-05    olsok           R-18694         adapt for WebSphere 6.0.2
// 12-Aug-05    olsok           R-18694         adjusted based on classloader changes
// 11-Aug-05    olsok           R-18694         configure PegaRULES permissions

// The PegaRULES polices coded in this file assume that the PegaRULES
// application is deployed as a standard ear file in the standard WebSphere
// location.
//
// PegaRULES policies use the following variables that should be supplied
// as Java system properties at runtime:
//              java.home                               (Standard Java property)
//              java.io.tmpdir                  (Standard Java property)
//              user.home                               (Standard Java property)
//              was.install.root                (Standard WebSphere property)
//              was.module.path                 (Standard WebSphere embedded symbol)
//              app.installed.path              (Standard WebSphere embedded symbol)
//              pega.tmpdir                             path to writable temp directory that PegaRULES
//                                                              should use (as specified in prconfig.xml), using
//                                                              host-specific path delimiters

// ========================================================================================
// PegaRULES V5.4 configuration follows (08-Jun-2007)
// (assumes use of jdbc drivers supplied by WebSphere)

// Note – with PegaRULES 5.4, must use “application” rather than “jars”.
grant codebase “file:${application}” {
// the following needed to resolve host ip address – these permissions
// are automatically provided by WebSphere even if not listed here
//permission java.net.SocketPermission “localhost:1024-”, “listen,resolve”;
//permission java.net.SocketPermission “*”, “connect,resolve”;

// the following needed to access properties that control startup and configuration
permission java.util.PropertyPermission “*”, “read,write”;

// the following needed for MBean support
permission com.ibm.websphere.security.WebSphereRuntimePermission “AdminPermission”;
permission javax.management.MBeanTrustPermission “register”;
permission javax.management.MBeanServerPermission “findMBeanServer”;
permission javax.management.MBeanPermission “*#*[]“, “queryNames”;
permission javax.management.MBeanPermission “com.pega.*#*[]“, “registerMBean”;
permission javax.management.MBeanPermission “com.pega.*#*[]“, “isInstanceOf”;
permission javax.management.MBeanPermission “com.pega.*#*[]“, “getMBeanInfo”;
permission javax.management.MBeanPermission “com.pega.*#*[]“, “unregisterMBean”;
permission javax.management.MBeanPermission “com.pega.*#*[]“, “addNotificationListener”;

// the following needed to monitor JVM events for low memory alerts / tracebacks
permission java.lang.management.ManagementPermission “control”;

// the following permissions may be granted to PRBaseLoader, PRAppLoader and other URL-based classloaders within PegaRULES to
// avoid a security exception being reported in the console log when the respective classloader constructor is invoked. The
// PRBaseLoader and PRAppLoader are explicitly coded to avoid class sharing via this mechanism in the IBM JVM but there is
// no mechanism provided by IBM for programatically disabling the use of shared classes in a classloader that
// extends URLClassLoader.
permission com.ibm.oti.shared.SharedClassPermission “com.pega.pegarules.internal.bootstrap.PRBaseLoader”, “read,write”;
permission com.ibm.oti.shared.SharedClassPermission “com.pega.pegarules.bootstrap.loader.PRAppLoader”, “read,write”;
// Be sure to grant the permission to the classloader used within Jasper – a new instance of this classloader is
// created for each stream, and the lack of the shared class permission will fill the log file with security exceptions
permission com.ibm.oti.shared.SharedClassPermission “com.pega.jasper.PegaURLClassLoader”, “read,write”;

// the following needed by PRBaseLoader, PRAppLoader and other classloaders within PegaRULES
permission java.lang.reflect.ReflectPermission “suppressAccessChecks”;
permission java.util.logging.LoggingPermission “control”;
permission java.lang.RuntimePermission “createClassLoader”;
permission java.lang.RuntimePermission “accessDeclaredMembers”;
permission java.lang.RuntimePermission “getClassLoader”;
permission java.lang.RuntimePermission “getProtectionDomain”;
permission java.security.SecurityPermission “getPolicy”;
permission java.lang.RuntimePermission “accessClassInPackage.sun.util.logging.resources”;

// the following needed by Jasper and PegaRULES classloaders
permission java.lang.RuntimePermission “setContextClassLoader”;

// the following needed by Jasper
permission java.lang.RuntimePermission “setIO”;

// the following needed by performance timers
permission java.lang.RuntimePermission “accessClassInPackage.sun.misc”;         // when using Java 5 management APIs
permission java.lang.RuntimePermission “sun.misc.Perf.getPerf”;
// (WebSphere will not substitute app.installed.path in a RuntimePermission, only a FilePermission
// so the permission grant to load the library cannot be restricted to the single library we require.)
permission java.lang.RuntimePermission “loadLibrary.*”;
//permission java.lang.RuntimePermission “loadLibrary.${app.installed.path}${/}APP-INF${/}binredist${/}x86${/}pr3native.dll”;
//permission java.lang.RuntimePermission “loadLibrary.${app.installed.path}${/}APP-INF${/}binredist${/}ppc${/}pr3native.so”;
//permission java.lang.RuntimePermission “loadLibrary.${app.installed.path}${/}APP-INF${/}binredist${/}sparc${/}pr3native.so”;

// the following needed by LibraryUtil
permission java.lang.RuntimePermission “accessClassInPackage.sun.reflect”;

// the following needed by Log4J asynch appenders and resource adapter timer thread
permission java.lang.RuntimePermission “modifyThreadGroup”;
permission java.lang.RuntimePermission “modifyThread”;

// the following needed for server identification display
permission com.ibm.websphere.security.WebSphereRuntimePermission “accessRuntimeClasses”;
permission java.io.FilePermission “${was.install.root}”, “read”;
permission java.io.FilePermission “${was.install.root}${/}-”, “read”;

// WebSphere establishes a protection domain based on the jar file in which the
// class performing the operation resides, and does not grant permission to
// read other jar files under the deployment. The following addresses that issue.
permission java.io.FilePermission “${app.installed.path}${/}-”, “read”;                 // IMPLIED by was.install.root read permission

// the following needed to probe for user-specific prconfig/prlogging files
permission java.io.FilePermission “${user.home}${/}*”, “read”;

// the following needed for access to relocated temp and root directories
permission java.io.FilePermission “${pega.tmpdir}”, “read,write,delete”;
permission java.io.FilePermission “${pega.tmpdir}${/}-”, “read,write,delete”;

// the following needed for WebSphere SQL/Server jdbc drivers
permission java.io.FilePermission “${java.io.tmpdir}${/}-”, “read,write,delete”;

// the following needed for the embedded Eclipse compiler — IMPLIED by was.install.root read permission provided that java.home is under was.install.root
//permission java.io.FilePermission “${java.home}”, “read”;
//permission java.io.FilePermission “${java.home}${/}-”, “read”;

// needed when using container managed security
permission javax.security.auth.AuthPermission “getSubject”;

};

// One cannot grant permissions to code outside of the deployed application via the WAS policy
// file. PRClassLoader uses a set of hard-coded permissions for all (assembled/generated) code
// loaded by it.

ADMA5017I: Uninstallation of prpc_j2ee14 started.
ADMA5104I: The server index entry for WebSphere:cell=eugbbopg03lt_Cell,node=eugbbopg03lt_Node01 is updated successfully.
ADMA5102I: The configuration data for prpc_j2ee14 from the configuration repository is deleted successfully.
ADMA5011I: The cleanup of the temp directory for application prpc_j2ee14 is complete.
ADMA5106I: Application prpc_j2ee14 uninstalled successfully.
ADMA5016I: Installation of prpc_j2ee14 started.
ADMA5058I: Application and module versions are validated with versions of deployment targets.
ADMA5005I: The application prpc_j2ee14 is configured in the WebSphere Application Server repository.
ADMA5053I: The library references for the installed optional package are created.
ADMA5005I: The application prpc_j2ee14 is configured in the WebSphere Application Server repository.
ADMA5001I: The application binaries are saved in /opt/IBM/WebSphere/AppServer/profiles/Profile01/dmgr/wstemp/Script12b3ee78983/workspace/cells/eugbbopg03lt_Cell/applications/prpc_j2ee14.ear/prpc_j2ee14.ear
ADMA5005I: The application prpc_j2ee14 is configured in the WebSphere Application Server repository.
SECJ0400I: Successfuly updated the application prpc_j2ee14 with the appContextIDForSecurity information.
ADMA5011I: The cleanup of the temp directory for application prpc_j2ee14 is complete.
ADMA5013I: Application prpc_j2ee14 installed successfully.

wsadmin>AdminConfig.save();

Leave a Reply

You must be logged in to post a comment.

Top of Page

Top menu