Communications Express in Webserver Container Bug Work Arounds


The 2005Q4 release of the Java Enterprise System has come out, so I guess its time to share a few workarounds for some potential problems that you may see. First up is a product that we are working on with some of our colleagues in various parts of Sun, Communications Express. Two seperate gotcha type issues here, one of which is in the release notes, the other was hit at the end of the release cycle.

Firstly let us describe the communications express component (communications express is also referred to as UWC, which is what I will call it for the rest of this post) of the scenario that we have deployed. This deployment is relatively straight forward, with a Directory Server tier, an Access Manager tier deployed in an Application Server Web Container then Messaging Server and UWC on the same tier, with UWC deployed in a Webserver web container, and using the Access Manager SDK. Graphically this looks like.


All tiers in this case are deployed on Solaris 10

The first issue is very straight forward, and is documented in the UWC release notes as bugid 6283991 (Java Exception on Web Server Startup after Configuration of Communications Express). This issue will manifest itself as a failure during the startup of your webserver with a stacktrace similar too

info: WEB0100: Loading web module in virtual server [ms.jestest.sun.com] at [/search]
failure: WebModule[/uwc]: WEB2680: Exception starting filter IdentitySSOAuthFilter
java.lang.NoClassDefFoundError: com/iplanet/am/sdk/AMException
        at java.lang.Class.getDeclaredConstructors0(Native Method)
        at java.lang.Class.privateGetDeclaredConstructors(Class.java:2328)
        at java.lang.Class.getConstructor0(Class.java:2640)
        at java.lang.Class.newInstance0(Class.java:321)
        at java.lang.Class.newInstance(Class.java:303)
The workaround is to add the following entrys to your serverclasspath prefix in your server.xml
[ split accross lines for readability ]

/opt/SUNWam/lib:/opt/SUNWam/locale:/etc/opt/SUNWam/config:
/opt/SUNWam/lib/am_sdk.jar:/opt/SUNWam/lib/am_services.jar:
/opt/SUNWam/lib/am_logging.jar
The second issue is a lot more confusing at first glance (or at least it was for me). When you deploy the SunOne Webserver on Solaris 10 using the Jes Installer the default user for the webserver is webservd. The issue that we hit here is an inability to communicate with the Access Manager tier, whose details we have configured during the initial install of our Access Manager SDK. This will manifest itself in a stacktrace similar to the following during webserver startup.
info: CORE3282: stdout: AdminUtils: Could not initialize admin  info message: Got LDAPServiceException code=19
info: CORE3282: stdout: 10/04/2005 02:32:46:381 PM BST: Thread[Thread-1,5,main]
info: CORE3282: stdout: Crypt.static{}: Encryptor class= com.iplanet.services.util.JSSEncryption
warning: CORE3283: stderr: Failed to create debug directory
info: CORE3282: stdout: 10/04/2005 02:32:46:419 PM BST: Thread[Thread-1,5,main]
info: CORE3282: stdout: Intilize CryptoManager in JSSEncryption.java
info: CORE3282: stdout: 10/04/2005 02:32:46:427 PM BST: Thread[Thread-1,5,main]
info: CORE3282: stdout: ocspCheck value in JSSEncryption : false
info: CORE3282: stdout: 10/04/2005 02:32:46:574 PM BST: Thread[Thread-1,5,main]
info: CORE3282: stdout: Crypt.static{}: Encryptor class= com.iplanet.services.util.JSSEncryption
info: CORE3282: stdout: 10/04/2005 02:32:46:579 PM BST: Thread[Thread-1,5,main]
info: CORE3282: stdout: Crypt.static{}: Encryptor class= com.iplanet.services.util.JSSEncryption
warning: CORE3283: stderr: Exception in thread "Thread-1" java.lang.NullPointerException
warning: CORE3283: stderr:      at java.lang.String.(String.java:479)
warning: CORE3283: stderr:      at com.sun.identity.security.AdminPasswordAction.run(AdminPasswordAction.java:86)
warning: CORE3283: stderr:      at java.security.AccessController.doPrivileged(Native Method)
warning: CORE3283: stderr:      at com.sun.identity.authentication.internal.server.SMSAuthModule.initialize(SMSAuthModule.java:131)
warning: CORE3283: stderr:      at com.sun.identity.authentication.internal.LoginContext.login(LoginContext.java:122)
warning: CORE3283: stderr:      at com.sun.identity.authentication.internal.AuthLoginThread.run(AuthLoginThread.java:82)
info: CORE3282: stdout: 10/04/2005 02:32:46:587 PM BST: Thread[main,5,main]
info: CORE3282: stdout: AuthContext::getInformationRequired() returned from waiting for Callback array
info: CORE3282: stdout: 10/04/2005 02:32:46:587 PM BST: Thread[main,5,main]
info: CORE3282: stdout: AuthContext::getLoginStatus()
info: CORE3282: stdout: 10/04/2005 02:32:46:588 PM BST: Thread[main,5,main]
info: CORE3282: stdout: AuthContext::getInformationRequired() waiting for Callback array
info: CORE3282: stdout: 10/04/2005 02:32:46:588 PM BST: Thread[main,5,main]
info: CORE3282: stdout: AuthContext::getLoginStatus()
The easiest workarounds for this (please take note of your own security considerations if applying either of these) are to either make the contents /etc/opt/SUNWam/config world readable, or else readable by webservd. For those of you with access to sunsolve this is documented as 6332324 - uwc in webserver container fails to startup due to unreadable AMConfig.properties
Comments:

It is good to see somebody posting about Java Enterprise System. Your tips are good and I guess it will save a lot of people new to JES or JavaES.

I think Sun should make a JavaES portal where users/partners can find all the inforamtion and patches, I would like to know that I'm running the latest version, and where I could find all related tips like this one, and call the releases the same way, support sometimes call JES 1,2,3,etc. As a partner and user sometimes is confusing.

Sunsolve is great for Solaris, but for other products is not very clear, and since some parts are being close sometimes I find something useful and when trying to read it it ask for log in I log in, and then it keeps asking for login. This has happened a couple of times.

Sun Forumos are not so good, I think the dev team should be closer to certain parters and customers that are doing a lot of things and really using the products. Right now we are having a problem with Access Manager, and nobody knows what or how to solve it.

Hope to see more posts regarding JavaES, (and please try not to change the brand again or change it for a good one this time)

Posted by Carlos on November 08, 2005 at 07:10 AM GMT #

I am getting following error when I try to access AM from AS8.0. The workaround you suggested did not work for me. Could you please help me. Constructing a new instance of SSOTokenManager Obtained Grappa SSO Provider Failed to create debug directory Obtained DPRO SSO Provider DataLayer: number of retry = 3 DataLayer: retry interval = 1000 DataLayer: retry error codes = [] AdminUtils: Could not initialize admin info message: Got LDAPServiceException code=19 Crypt.static{}: Encryptor class= com.iplanet.services.util.JSSEncryption Intilize CryptoManager in JSSEncryption.java ocspCheck value in JSSEncryption : false Crypt.static{}: Encryptor class= com.iplanet.services.util.JSSEncryption Crypt.static{}: Encryptor class= com.iplanet.services.util.JSSEncryption AdminTokenAction::getSSOToken Exception reading from serverconfig.xml java.lang.NullPointerException at java.lang.String.<init>(String.java:479) at com.sun.identity.security.AdminTokenAction.getSSOToken(AdminTokenAction.java:242) at com.sun.identity.security.AdminTokenAction.run(AdminTokenAction.java:158) at java.security.AccessController.doPrivileged(Native Method) at com.iplanet.am.util.AMClientDetector.getServiceSchemaManager(AMClientDetector.java:217) at com.iplanet.am.util.AMClientDetector.<clinit>(AMClientDetector.java:94) at com.sun.mobile.filter.AMLController.init(AMLController.java:85) at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:276) at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:359) at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:130) AdminTokenAction::run Unable to get SSOToken from serverconfig.xml AdminTokenAction: App user name or password is empty ERROR: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token. Check AMConfig.properties for the following properties com.sun.identity.agents.app.username com.iplanet.am.service.password SMSEntry: Special User Set: [] SMSEntry: cache enabled: true SMSEntry: DN notification enabled: false SMSLdapObject: proxy enable value: false in DSConfigMgr.getNewFailoverConneciton() ERROR: SMSEntry: Unable to initalize(exception): java.lang.NullPointerException at com.iplanet.services.ldap.DSConfigMgr.getHostName(DSConfigMgr.java:373) at com.iplanet.services.ldap.DSConfigMgr.getNewFailoverConnection(DSConfigMgr.java:291) at com.iplanet.services.ldap.DSConfigMgr.getNewConnection(DSConfigMgr.java:253) at com.iplanet.services.ldap.DSConfigMgr.getNewAdminConnection(DSConfigMgr.java:212) at com.sun.identity.sm.ldap.SMDataLayer.initLdapPool(SMDataLayer.java:183) at com.sun.identity.sm.ldap.SMDataLayer.<init>(SMDataLayer.java:99) at com.sun.identity.sm.ldap.SMDataLayer.getInstance(SMDataLayer.java:113) at com.sun.identity.sm.ldap.SMSLdapObject.initialize(SMSLdapObject.java:159) at com.sun.identity.sm.ldap.SMSLdapObject.<init>(SMSLdapObject.java:124) at com.sun.identity.sm.SMSEntry.<clinit>(SMSEntry.java:216) at com.sun.identity.sm.ServiceSchemaManager.<clinit>(ServiceSchemaManager.java:67) at com.iplanet.am.util.AMClientDetector.getServiceSchemaManager(AMClientDetector.java:219) at com.iplanet.am.util.AMClientDetector.<clinit>(AMClientDetector.java:94) at com.sun.mobile.filter.AMLController.init(AMLController.java:85)

Posted by Deepak H P on December 08, 2005 at 06:47 AM GMT #

vnvn

Posted by guest on September 08, 2006 at 09:00 AM IST #

I like your article. I ran into the problem described as a second one in your post (using CommSuite 5). But it's not simple to resolve as given here. Three of us jointly searched on many sites for an answer but couldn't find the missing piece how to solve this. The closest we got was this: http://lists.balius.com/pipermail/info-ims-archive/2006-May/025481.html
Is it possible to update this article with the inclusion of some more related tips? Thank you.

Posted by Ivan Arsenijevic on October 29, 2007 at 01:51 PM GMT #

It was a very nice idea! Just wanna say thank you for the information you have shared. Just continue writing this kind of post. I will be your loyal reader. Thanks again....

Posted by links london jewelry on November 29, 2009 at 05:59 PM GMT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

fintanr

Search

Archives
« April 2015
MonTueWedThuFriSatSun
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today