Comments on: A WebSphere Process Server implementation story

By: Arby

Arby — Fri, 13 Nov 2009 02:10:10 +0000

As I alluded to above, write an EJB on WPS 6.2. Invoke the EJB from WAS 7.0. WPS 6.2 supports EJB 2.* unfortunately and not EJB 3.0, so it is a little bit harder than it has to be.

Locally on WPS 6.2 invoke the “local” EJBs from Business Flow Manager and Human Task Manager.

You CAN use Web Service version of BFM and HTM. I personally found it too cumbersome to configure than the EJB. Which is a testament to how difficult IBM makes its solutions.

Best.

By: Runa

Runa — Wed, 11 Nov 2009 16:40:33 +0000

Hi Albin,

I have a scenario where in I have a web application on was 7.0 and WPS server 6.2 is on other sytem.I want to invoke process from the client .to use EJB interface I will have to install WPS client 6.2 on my client side i.e over was 7.0 .I dont think it is going to work and for this kind of scenario I will have to use webservices api for invoking the process ?Please suggest if I am right on this ?
Thanks,
Runa

By: Albin Joseph

Albin Joseph — Fri, 30 Oct 2009 07:47:07 +0000

It depends on your requirement. WebService is the easiest way. However the number of methods you can use will be less compared to EJB API.

By: runa

runa — Thu, 29 Oct 2009 10:50:26 +0000

Albin,
Thanks for the article .But I am kind of stuck in deciding wihich interface to use EJb or Webservice or rest ,I tried to look into the comaprision for these in http://publib.boulder.ibm.com/infocenter/dmndhelp/v6r2mx/index.jsp?topic=/com.ibm.websphere.bpc.z.620.doc/doc/bpc/cbpcapi_compare.html but still not able tp decide please guide.

By: Albin Joseph

Albin Joseph — Tue, 27 Oct 2009 07:28:42 +0000

I wouldn’t say I am unhappy with WID. I feel it is the best tool available in the market now. However to make some simple things to work we need to struggle a lot. I think IBM could have give a better documentation for this product covering all the scenarios.

By: Steve B.

Steve B. — Fri, 23 Oct 2009 13:22:37 +0000

Albin,
I work for a large manufacturing company and have had the exact same experiences. Everyone has challenges within their corporate culture. What I would also be interested in hearing are the “challenges” with the tools (WPS/WID). I’ve worked on several projects now to implement very simple integrations with WID/WESB/WPS and I’m extremely unhappy with the toolset. The idea’s behind the tools are sound, but the struggles you go through to get simple things to work is astounding.
Thoughts?

By: Arby

Arby — Fri, 09 Oct 2009 15:51:14 +0000

IBM does provide a “web service” invocation route to BFM / HTM service instead of Session Bean. But I found the configuration overly complicated. Configuring RMI security proved to be the lesser evil.

In any event, my basic problem is that IBM solution are unnecessarily complicated. I have to live with their products. But I would like to believe I don’t have to live with their remoting solutions. I earned my stripes in distributed computing. I learned – as someone else has so eloquently put – the effort spent in designing something is inversely proportional to the simplicity of the result. A fact lost on IBM, conveniently, because if they make things simple, they lose consulting dollars. But I’m digressing.

I love, like and understand Web Service technology very well. After getting things to work using the EJB route, I delved into exactly what was happening. Without going into too much details, 3 types of “tokens” aka credentials are getting serialized over the wire through the EJB Proxy. I figured out how to do the same thing manually, confirmed that the serialized payload was identical to what was being generated by the EJB proxy. I then proceeded to ASCII encode it as a SOAP Header and send it over the wire using a CXF service. The idea was to deserialize and get the credentials back.

When I tried to deserialize the payload over the wire, I got a serializeVersionUID error. Fact of the matter is I know I got the security credentials right. I know because I dumped them into a file, read them at the other end of the wire, and was able to invoke the BFM session bean on behalf of whatever user I wanted.

Sorry for the long drawn out response. I’m sorry but WebSphere Process Server sucks. Someday, maybe I’ll start my own blog. I’m sure I’ve bored yawl enough.

Best.

By: Arby

Arby — Fri, 09 Oct 2009 15:39:52 +0000

Thank you. I had already read your article before I asked the question.

The solution I used was EJB/RMI security. It is easier to explain through code than in English

LoginContext context = new LoginContext(“system.RMI_INBOUND”,
WSCallbackHandlerFactory.getInstance().getCallbackHandler(userId, (String)null));
context.login();
WSSubject.setRunAsSubject(context.getSubject());

We execute this code BEFORE I create instance of BFM or HTM session bean. The thread of invocation transfers the necessary credentials over the wire, effectively “trusting” the caller. Notice, no password for creating the login context. Not that I have it anyways. Needless to say, communication between my Web Application (deployed in WebSphere) and my Process Model (deployed in WebSphere Process Server) happens in the “trusted” layer.

We muddled through configuration of RMI security on both WebSphere and WebSphere Process Server to get this working. Perhaps you or someone else will create a guide for mere mortals in simple English (IBM documentation is Greek, maybe Latin, certainly French, all of which I don’t speak).

Best Regards.
P.S. I did keep my job. For now

By: Andy

Andy — Thu, 24 Sep 2009 15:58:53 +0000

I believe we can secure the WS call using WSS4J. You can check the info at http://ws.apache.org/wss4j/.A simple example is also given.
However, I am not sure how the username/pwd sent from ur client in Jboss will be authenticated at WPS side as I haven’t worked with WPS.
I believe WPS must have a user registry configured and if the user name exists there it should authenticate .
If someone with knowledge of WPS can clarify this, then you got the answer. Usually applications must have LDAP, if you get the uid/pwd authenticated in ur client using a LDAP, make sure to give the same LDAP in the user registry of webservice server (WPS in ur case).

By: Albin Joseph

Albin Joseph — Wed, 16 Sep 2009 05:57:58 +0000

Raj, What you need is an SSO between JBoss and WAS. I have not configured an SSO between JBoss and WAS yet. However I can give you some pointers which will help you.

I do not think LTPAToken is going to work for you as JBoss does not understand what an LTPAToken is. You may need to write a JAAS module for making this happen. or you can even think about different alternates like SAML or certificate based SSO.

Please let me know if this helps.