This chapter describes how to create and configure a WebApp component.
Topics
• Creating a WebApp Component, page 6
• Configuring a WebApp Component, page 8
• Configuring a WebApp Component Using Web.xml, page 10
• Configuring a WebApp Component's Custom Feature, page 12
• Configuring a WebApp Component’s External Custom Feature, page 13
• Adding/Configuring a WebApp Component’s Security, page 14
• Updating a WebApp Component, page 19
• ZeroConfiguration DAA Creation Using WAR, page 20
6
|
Chapter 2 WebApp ComponentsCreating a WebApp Component
Creating an SOA Project To create a new SOA project:
1. Select File > New > TIBCO SOA Resources.
2. Click TIBCO SOA Project and click Next.
3. In the Project name field, type a name for the project and click Next twice.
4. In the Project Types list, choose one of the following ways to create a project:
— SOA Project From Implementation
You can create a Web application project from an existing WAR file, WTP file, or a web.xml file.
— Empty SOA Project
— Basic SOA Project 5. Click Finish.
Adding an Empty WebApp Component
To add an empty WebApp component, do one of the following:
• Right-click the composite canvas and select Add > WebApp.
• Click the canvas and click the WebApp icon in the pop-up toolbar.
• Click the WebApp icon in the Palette and click the canvas.
Starting with an Existing Implementation
• Bottom-up approach:
— Approach 1: Drag and drop the existing WAR file, Web.xml file from the Project Explorer to the composite canvas.
— Approach 2: In the Properties tab, Implementation section, under the Basic tab, specify a WTP project, WAR file, or Web.xml file. WTP project is the default option.
TIBCO ActiveMatrix WebApp Component Development Creating a WebApp Component
|
7• Top-down approach:
a. Drag and drop the WebApp component on the composite canvas.
b. Add reference on WebApp component and attach WSDL port type to reference.
c. Generate the Servlet Implementation.
8
|
Chapter 2 WebApp ComponentsConfiguring a WebApp Component
Implementation Options and Features
Select the WebApp component on the canvas and in the Properties view, click the Implementation tab.
The Options section allows you to specify the approach for component
development and the Features section allows you to specify the custom features on which the implementation depends.
Properties
Select the WebApp component on the canvas and in the Properties view, click the Properties tab. The Context Root and Connector Name properties must always be set.
You can configure a WebApp component using the ZeroConfiguration WAR file.
For details, refer ZeroConfiguration DAA Creation Using WAR, page 20.
Field Description
WTP Project Start with the Eclipse WTP project containing the WebApp component implementation.
WAR Start with the WAR file containing the WebApp component implementation.
Deployment Descriptor (web.xml)
Start with the deployment descriptor of the WebApp component, that is, the
web.xml file.
Field Description
Feature ID The ID of the feature.
Version Range The range of feature versions that the component requires.
TIBCO ActiveMatrix WebApp Component Development Configuring a WebApp Component
|
9Property Description
contextRoot The context root of a web application determines which URLs are to be delegated to your web application. If your application's context root is myapp, any request for /myapp or /myapp/* are handled. For example,
http://localhost:8080/myapp/index.html.
NOTE: A WebApp component must have an unique context root.
defaultConnector This property defines the name for an HTTP Inbound connector. For a Web application, a browser is only way of communication and as browser uses HTTP to communicate with any Web application. In TIBCO ActiveMatrix, you need to configure this HttpInbound Resource template in Administrator before deploying a Web application.
10
|
Chapter 2 WebApp ComponentsConfiguring a WebApp Component Using Web.xml
This section summarizes the procedure for configuring a WebApp component using a web.xml file.
1. Point to the web.xml file in the WebApp component implementation:
— Approach 1: Drag and drop the existing web.xml file from the Project Explorer to the composite canvas.
— Approach 2: Select the WebApp component on the canvas and in the Properties view, Implementation section, specify the web.xml file.
2. Generate the Servlet implementation.
a. In the Properties View, General section, Validation Report area, click the fix... link.
b. Select Generate Servlet Implementation.
The OSGI Plug-in project is created.
3. For static resources and JSP files, create a folder named resources under the
src folder in the generated OSGI Plug-in.
4. Export this non-Java package as an Exported Package from the OSGI Plug-in:
a. Open the MANIFEST.MF file in the META-INF folder of the Plug-in project.
b. In the Runtime tab, click Add for Exported Packages section, select the Show non-Java packages check box, select the resources package and assign any valid version as 1.0.0.
c. Save the MANIFEST.MF file.
5. Add an Import package for the resources package exported from the generated OSGI plug-in using override requirements for the configured WebApp component.
a. Open the General tab of the WebApp component in the composite.
b. Click the Override link under Administrator Requirements. This creates
SOAProjectName.override.requirements.
c. Open the Bundles & Features tab, click the + icon under the Import Packages (OSGi) section and enter the Package Name as resources.
TIBCO ActiveMatrix WebApp Component Development Configuring a WebApp Component Using Web.xml
|
11If JSP file is referring to a class from a java package (except classes from java.*
packages), add the required bundle or import package entry in component requirements file using override requirements. As override requirements is used, you need to explicitly add a custom feature as a required feature in the override requirements file. In this case, the details are not picked up from what is specified in the composite.
12
|
Chapter 2 WebApp ComponentsConfiguring a WebApp Component's Custom Feature
For more information on a custom feature, see TIBCO ActiveMatrix Java Component Development.
When you create a Web application starting with a web.xml file and generate a servlet implementation, a custom feature is automatically created and configured.
A custom feature is not automatically created for the WTP and WAR file options.
If you manually configure the component's implementation, you must manually create and configure the custom feature by selecting File > Create > New >
Custom Feature. If the component implementation uses a library, add the custom feature containing the library in the Properties view.
Starting Point Procedure Properties
View 1. Click the component.
2. In the Properties view, click the Implementation tab.
3. Click the button to the right of the Features table.
The Select a Feature dialog displays.
4. In the Select an item to open field, type a partial feature name. The feature that matches the name displays in the Matching items list.
5. Click a feature and click OK. The feature is added to the Features list.
TIBCO ActiveMatrix WebApp Component Development Configuring a WebApp Component’s External Custom Feature
|
13Configuring a WebApp Component’s External Custom Feature
For more information on a custom feature, see TIBCO ActiveMatrix Java Component Development.
If your WebApp component implementation references a plug-in containing a shared library, you must add the custom feature that contains the plug-in to the WebApp component’s configuration.
1. Click the component.
2. In the Properties view, click the Implementation tab.
3. Click the button to the right of the Features table.
The Select a Feature dialog displays.
4. Click the feature containing the shared library plug-in.
5. Click OK.
The feature is added to the component’s Features list.
14
|
Chapter 2 WebApp ComponentsAdding/Configuring a WebApp Component’s Security
Resources of a Web application are secured using security policies which provide following features:
• Authentication: The means by which communicating entities prove to one another that they are acting on behalf of specific identities that are authorized for access.
• Access control for resources: The means by which interactions with resources are limited to collections of users or programs for the purpose of enforcing integrity, confidentiality, or availability constraints.
• Confidentiality or data privacy: The means used to ensure that information is made available only to users who are authorized to access it.
WebApp component provides the Form-based Authetication and the Security Constraint policies to implement security policies for authentication and authorization of resources.
If a WebApp component is created from a WAR file or WTP project, which already contains the security configuration in web.xml, the security configuration from
web.xml will be mapped to the WebApp’s policy configuration.
Form-based Authentication Policy
Authentication mechanism provides means for verifying user’s access to the website’s protected area based on user name and password.
The form-based authentication mechanism allows you to setup look and feel of login as well as error screens. Login screens presents user an form to enter username and password while accessing a protected resource. The login module checks user’s authority to access the resource. If user is not authenticated, the error page is returned.
Adding/Configuring Form-based Authentication Policy
Follow below steps to implement a form-based authentication policy to a WebApp component:
Form-based login make use of sessions for login. System automatically logs out a user from application, once the session is invalidated.
TIBCO ActiveMatrix WebApp Component Development Adding/Configuring a WebApp Component’s Security
|
152. Select the Properties view and follow either of the below approaches to open the Form-based Authentication Configuration wizard window:
3. In the Form-based Authentication Configuration wizard window, specify the following parameters:
4. Click Finish.
Security Constraint Policy
A security constraint associates authorization and or user data constraints with HTTP operations on web resources. A Security Constraint policy allows to set security constraints on one or more web resource collections. A security constraint, which is represented by security-constraint in deployment descriptor, consists of following elements:
• Web resource collection The HTTP operations and web resources to which a security constraint applies (i.e. the constrained requests) are identified by one Approach 1 • In the Properties view, click the Implementation vertical
tab and select the Security tab.
• Under the Authentication section, select Form as authentication type from the drop-down.
Approach 2 • In the Properties view, click the Policies vertical tab.
• Click the Add Policy Set icon .
• Select Embedded as the Policy Set type, Form-Based Authentication Policy under the System Policies list and click Next.
Login page Page containing fields for entering username and password.
Click Browse to select the desired login page from the project resource list and click OK.
Error page Page displayed to user if authentication fails. Click Browse to select the desired error page from the project resource list and click OK.
Login module
Resource instance for LDAP configuration.
16
|
Chapter 2 WebApp Componentsor more web resource collections (web-resource-collection in deployment descriptor). A web resource collection consists of the following elements:
— URL patterns (url-pattern in deployment descriptor)
— HTTP methods (http-method in deployment descriptor).
• Authorization constraint An authorization constraint (auth-constraint in deployment descriptor) establishes a requirement for authentication and names the authorization roles permitted to perform the constrained requests.
A user must be a member of at least one of the named roles to be permitted to perform the constrained requests.An authorization constraint consists of the role name element (role-name in deployment descriptor).
Sample web.xml which defines the security constraint:
<web-app
<web-resource-name>Admin Role</web-resource-name>
<url-pattern>/dump/auth/admin/*</url-pattern>
<url-pattern>*.htm</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>content-administrator</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Super User Role</web-resource-name>
<url-pattern>/dump/auth/admin/*</url-pattern>
<url-pattern>/dump/auth/display/*</url-pattern>
<http-method>HEAD</http-method>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>Super User Role</web-resource-name>
<url-pattern>/dump/auth/system/*</url-pattern>
</web-resource-collection>
The special role name “*” is a shorthand for all role names defined, while an authorization constraint that names no roles indicates that access to the constrained requests must not be permitted under any circumstances.
TIBCO ActiveMatrix WebApp Component Development Adding/Configuring a WebApp Component’s Security
|
17Adding/Configuring Security Constraint Policy
In TIBCO Business Studio you can add/configure a security constraint policy by following the below steps:
1. Open the Configure Web Security Constraint wizard using either of the following approaches:
2. Select the security constraint and rename the security constraint if required.
3. Click on the add web resource collection icon to add web resources under the security constraint or select existing web resource collection to update.
Approach 1 • In the Properties view, click the Implementation vertical tab and select the Security tab.
• Under the Web Security Constraint section, click the policy set to configure it or click the -not set- hyperlink to add a new Web Security Constraint policy set.
Approach 2 • In the Properties view, click the Policies vertical tab.
• Click the Add Policy Set icon.
• Select Embedded as the Policy Set type, Web Security Constraint Policy under the System Policies list, and click Next.
18
|
Chapter 2 WebApp Components4. Type the Name and Description of web resource collection.
5. In the URL pattern field, click the plus icon to add a URL pattern. Double click on a listed URL pattern to modify it.
6. Check the HTTP methods to be allowed for the web resource collection.
Default is "all" HTTP methods. If no methods are selected then "all" HTTP methods option is checked.
7. Click the add auth-constraint icon to add a authorization constraint.
8. Type the Description.
9. Click on plus icon to add a role name to the permissible roles list for the security constraint. Click on a listed role name to modify the role name.
10. Click add security constraint icon to add another security constraint to
TIBCO ActiveMatrix WebApp Component Development Updating a WebApp Component
|
19Updating a WebApp Component
You can update a component after you have configured its implementation.
Control Procedure
Canvas Right-click the component and select Refresh from Implementation.
Canvas Right-click a component and select Quick Fixes > Update Component from Implementation. (The "Quick Fixes" option is available when you add, delete or update a service, reference and property from the WebApp component.)
Properties
View 1. In the Validation Report area on the General tab of the component’s Property View click the fix... link.
2. Select Generate Servlet Implementation.
Problems View
1. In the Problems view, right-click an error of the form "The component
<ComponentName> is out of sync with its implementation" and select Quick Fix. (The "Quick Fix" option is available when you add, delete or update a service, reference and property from the WebApp component.) 2. In the Quick Fix dialog select Update Component from Implementation.
3. Click Finish.
20
|
Chapter 2 WebApp ComponentsZeroConfiguration DAA Creation Using WAR
ZeroConfiguration DAA creation is based on SDS command-line support. You can create a DAA using existing WebApp components (WAR files) on Active Matrix platform, without using the composite editor.
For details, refer SDS Commandline help.
Sample build configuration file:
Specify the <absolute path to war> in the above build configuration file.
ZeroConfiguration DAA creation supports existing WebApps, which do not invoke any SCA reference.
You must not bundle the following files inside the WAR file's WEB-INF/lib:
j2ee.jar, jasper-*.jar, jsp-api.jar, rt.jar, tools.jar, servlet.jar,
servlet-api.jar, xerce.jar, xerces.jar, and xercesImpl.jar.
TIBCO ActiveMatrix WebApp Component Development WebApp Component Implementations