AEGIS.net, Inc. (AEGIS)
Powerful Results. Delivered.SM
Connect Platform Port from Sun Glassfish to IBM WebSphere
CONNECT Code-A-Thon - September 21-22, 2010

Agenda
About AEGIS
Introductions
The Mission (Why?)
The Plan (How?)
Successes/Challenges (Lessons)
CONNECT Changes (Coding/Deployment)
CONNECT Integration (Make It Official)
Incomplete Tasks (Testing!)
Demo
Open Discussion (Q&A)

About AEGIS
Founded in 1996
Based in Rockville, MD
ISO 9001:2008 Certified
Rated CMMI Dev v1.2 Maturity Level 3
SBA Registered Small Business
GSA Schedule 70 Contract #GS-35F0125S
Facilities Clearance: DoD Secret
Introductions

The Mission (Why?)
Challenged by potential Federal/Commercial Health IT projects requiring NHIN Gateways that run on production-supported platforms, AEGIS undertook an R&D effort to evaluate the feasibility of porting CONNECT 2.4.x to IBM WebSphere.
While not 100% complete, the effort has achieved an initial answer: yes, CONNECT can run on IBM WebSphere.
The Plan (How?)
The Plan

Successes/Challenges (Lessons)
Entrust Certificates
Metro 1.5
Web Service Endpoint Re-definition
Deployment / Un-deployment
IBM WebSphere Installation
Environment

Successes/Challenges (Lessons): Entrust Certificates
IBM WebSphere generates PKCS12 keystores [P12] by default with a self-signed certificate for the current machine.
CONNECT 2.4.x uses Sun Java keystores [JKS]
IBM JDK doesn’t like Sun Java keystores
Need to import the Entrust certificates into IBM Java keystores
Implement “Configuring FIPS JSSE files”, ensure FIPS 140-2 compliance
http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tsec_fips.html

Successes/Challenges (Lessons): Metro 1.5
Lots of forum discussions – does it or doesn’t it work?
Yes, if you do this…
  ◦ Disable IBM’s default AXIS service: com.ibm.websphere.webservices.DisableIBMJAXWSEngine
  ◦ Place the Metro libraries in your web application deployment – WEB-INF/lib
  ◦ Configure IBM WebSphere Classloader for each web application to “Parent Last”; i.e. Application First

Successes/Challenges (Lessons): Web Service Endpoint Re-definition
The Metro 1.5 web services stack (in IBM WebSphere) requires all endpoint definitions in a “sun-jaxws.xml” configuration file
Glassfish auto-generates the required artifacts; IBM WebSphere does not

Successes/Challenges (Lessons): Deployment / Un-deployment
Current deployment method uses “wsadmin” command line tool with jacl script
CONNECT modules are deployed using current order
Un-deployment (un-install) must occur in reverse order to ensure proper “clean up” of registered web services / endpoints

Successes/Challenges (Lessons): IBM WebSphere Installation
IBM WebSphere version is 7.0.0 with Fix Pack 9
Installation type is “Application Server”; i.e. stand-alone
Do we need to support version 6.1.x?
Configuration and testing of other installation types is needed

Successes/Challenges (Lessons): Environment
Running on DELL PE R710
Dual Processor, 48 Gb RAM
Windows 2003 Server x64
IBM WebSphere 7.0.0 64-bit, Fix pack 9
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 amd64-64 jvmwa6460sr7-20100219_54049

CONNECT Changes (Coding/Deployment)
IBM vs. Sun JDK (we’re not in Kansas anymore)
Hard-coded Internal Endpoint URLs
Metro 1.5 Configuration
Endpoint Configuration
WSDL File Names
Web Applications – Java Server Faces
Log4J Implementation

CONNECT Changes: IBM vs. Sun JDK
Sun JDK packages not available in IBM JDK
  ◦ com.sun.org.apache.xerces.internal.dom
    Per Sun documentation, the internal packages should not be used and may be removed in a future release
    Solution: This package was found to be not needed as the org.apache.xerces.dom package provides the required classes
  ◦ sun.security.x509
    This is a Sun JDK only package
    Solution: Re-code to use IBM JDK package com.ibm.security.x509
Both issues isolated to one project and class
  ◦ NhincCommonLib
  ◦ gov.hhs.fha.nhinc.saml.extraction.SamlTokenExtractor

CONNECT Changes: Hard-coded Internal Endpoint URLs
18 hard-coded endpoints in 2.4.8 code base
Example – Patient Discovery
  ◦ GatewayInternalComponentProxy project
  ◦ gov.hhs.fha.nhinc.patientcorrelationfacade.helper.TransformHelper
  ◦ http://localhost:8080/CONNECTGatewayInternal/GatewayService/PatientCorrelationFacadeDteService
  ◦ Need a way to dynamically assign port numbers or entire URL – e.g. use gateway.properties
Down to 5 hard-coded endpoints in 3.1 code base
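
A source audit for the two porting problems above (Sun-JDK-only imports and hard-coded internal endpoint URLs), as an added example that is not part of the original slides or the CONNECT code base. The import pattern generalises the two packages named on the slide to sun.* and com.sun.*.internal.*, and the Java sample text is constructed.

```python
import re

# The slide names com.sun.org.apache.xerces.internal.dom and sun.security.x509;
# matching all of sun.* and com.sun.*.internal.* is this example's generalisation.
INTERNAL_IMPORT = re.compile(
    r"^\s*import\s+(?:static\s+)?((?:sun\.|com\.sun\.(?:\w+\.)*internal\.)[\w.*]+)\s*;",
    re.MULTILINE)
# String literals that pin an internal endpoint to a fixed local host and port.
HARDCODED_URL = re.compile(r'"(https?://(?:localhost|127\.0\.0\.1)(?::\d+)?/[^"\s]*)"')

# Constructed Java text (not CONNECT source); the URL is the one on the slide.
SAMPLE = '''package example;
import com.sun.org.apache.xerces.internal.dom.ElementNSImpl;
import sun.security.x509.X500Name;
import com.sun.xml.ws.api.message.Message;
class Helper {
    String url = "http://localhost:8080/CONNECTGatewayInternal/GatewayService/PatientCorrelationFacadeDteService";
}
'''


def line_of(text, offset):
    """1-based line number of a character offset."""
    return text.count("\n", 0, offset) + 1


def audit_source(path, text):
    """Return sorted (path, line, kind, value) findings for one Java source file."""
    findings = [(path, line_of(text, m.start(1)), "jdk-internal-import", m.group(1))
                for m in INTERNAL_IMPORT.finditer(text)]
    findings += [(path, line_of(text, m.start(1)), "hard-coded-endpoint", m.group(1))
                 for m in HARDCODED_URL.finditer(text)]
    return sorted(findings, key=lambda f: f[1])


if __name__ == "__main__":
    for finding in audit_source("Helper.java", SAMPLE):
        print("%s:%d: %s: %s" % finding)
```

The Metro import (com.sun.xml.ws...) is deliberately not reported, since those classes ship in the web application's WEB-INF/lib rather than in the JDK.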

CONNECT Changes: Metro 1.5 Configuration
Need new entry in web.xml
<listener>
  <listener-class>com.sun.xml.ws.transport.http.servlet.WSServletContextListener</listener-class>
</listener>
<servlet>
  <servlet-name>MetroLibraryPort</servlet-name>
  <display-name>MetroLibraryService</display-name>
  <description>Endpoint for Metro Library Service</description>
  <servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
  <servlet-name>MetroLibraryPort</servlet-name>
  <url-pattern>/</url-pattern>
</servlet-mapping>

CONNECT Changes: Endpoint Configuration
Comment out or remove the servlet mappings in “web.xml” for all the endpoints and re-define them in “sun-jaxws.xml”.
<!-- Commented web.xml servlet
<servlet>
  <servlet-name>DocumentRegistryService</servlet-name>
  <servlet-class>gov.hhs.fha.nhinc.document.DocumentRegistryService</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>DocumentRegistryService</servlet-name>
  <url-pattern>/DocumentRegistry_Service</url-pattern>
</servlet-mapping>
-->
<!-- New endpoint in sun-jaxws.xml -->
<endpoints xmlns="http://java.sun.com/xml/ns/jax-ws/ri/runtime" version="2.0">
  <endpoint name="DocumentRegistryService"
    implementation="gov.hhs.fha.nhinc.document.DocumentRegistryService"
    url-pattern="/DocumentRegistry_Service"
    wsdl-location="WEB-INF/wsdl/DocumentRegistryService/AdapterComponentDocRegistry.wsdl"/>
  …
</endpoints>

CONNECT Changes: WSDL File Names
The IBM WebSphere application server does not “like” the same named WSDL file to be used in multiple web service endpoints.
Example from AdapterWeb
<endpoint name="ProxyHiemSubscribe"
  implementation="gov.hhs.fha.nhinc.hiem.entity.proxy.ProxyHiemSubscribe"
  url-pattern="/NhincProxyNotificationProducer"
  wsdl-location="WEB-INF/wsdl/ProxyHiemSubscribe/NhincProxySubscriptionManagement.wsdl"/>
<endpoint name="ProxyHiemUnsubscribe"
  implementation="gov.hhs.fha.nhinc.hiem.entity.proxy.ProxyHiemUnsubscribe"
  url-pattern="/NhincProxySubscriptionManager"
  wsdl-location="WEB-INF/wsdl/ProxyHiemUnsubscribe/NhincProxySubscriptionManagement.wsdl"/>
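
A consistency check for the two steps above (moving endpoint mappings from web.xml into sun-jaxws.xml, and not pointing several endpoints at one WSDL file), as an added example that is not CONNECT or AEGIS code. It assumes, from the per-endpoint directories in the slides' example, that each endpoint is meant to have its own WSDL copy; ExampleA, ExampleB and the leftover web.xml mapping are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed inputs. ExampleA/ExampleB and the still-active DocumentRegistry
# mapping are hypothetical; the other names and paths are copied from the slides.
WEB_XML = """<web-app>
  <!-- <servlet-mapping><servlet-name>Old</servlet-name>
       <url-pattern>/Old_Service</url-pattern></servlet-mapping> -->
  <servlet-mapping>
    <servlet-name>DocumentRegistryService</servlet-name>
    <url-pattern>/DocumentRegistry_Service</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>MetroLibraryPort</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>
</web-app>"""
SUN_JAXWS = """<endpoints xmlns="http://java.sun.com/xml/ns/jax-ws/ri/runtime" version="2.0">
  <endpoint name="DocumentRegistryService" url-pattern="/DocumentRegistry_Service"
    implementation="gov.hhs.fha.nhinc.document.DocumentRegistryService"
    wsdl-location="WEB-INF/wsdl/DocumentRegistryService/AdapterComponentDocRegistry.wsdl"/>
  <endpoint name="ExampleA" implementation="example.A" url-pattern="/A"
    wsdl-location="WEB-INF/wsdl/Shared.wsdl"/>
  <endpoint name="ExampleB" implementation="example.B" url-pattern="/B"
    wsdl-location="WEB-INF/wsdl/Shared.wsdl"/>
</endpoints>"""


def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def check_port(web_xml, sun_jaxws):
    """Return (patterns still mapped in web.xml, WSDL paths shared by endpoints)."""
    # ElementTree skips XML comments, so commented-out mappings are not counted.
    mapped = {el.text.strip() for el in ET.fromstring(web_xml).iter()
              if local(el.tag) == "url-pattern" and el.text}
    by_wsdl, redefined = defaultdict(list), set()
    for ep in ET.fromstring(sun_jaxws).iter():
        if local(ep.tag) != "endpoint":
            continue
        redefined.add(ep.get("url-pattern"))
        if ep.get("wsdl-location"):
            by_wsdl[ep.get("wsdl-location")].append(ep.get("name"))
    shared = {path: names for path, names in by_wsdl.items() if len(names) > 1}
    return sorted(mapped & redefined), shared
```

Calling check_port(WEB_XML, SUN_JAXWS) reports /DocumentRegistry_Service as still mapped in web.xml and WEB-INF/wsdl/Shared.wsdl as shared by ExampleA and ExampleB; the WSServlet mapping on / is left alone.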

CONNECT Changes: Web Applications – Java Server Faces
The web applications use JSF libraries, of which one, “jsf-impl.jar”, is already in the IBM WebSphere libraries
Current workaround to avoid this conflict is to simply remove this library from the web application’s WEB-INF/lib folder

CONNECT Changes: Log4j Implementation
Follow instructions on the IBM WebSphere 7 Information Center site:
http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/ttrb_classload_jcl.html
Minor change – based on the version of Log4J deployed in the CONNECT modules
  ◦ The log class to assign is org.apache.commons.logging.impl.Log4JLogger

CONNECT Integration (Make It Official)
AEGIS’ Goal
Helping the CONNECT community integrate these changes into the core product
  ◦ Provide development platform(s)
  ◦ Provide testing and integration
  ◦ Etc.

Incomplete Tasks (Testing!)
We are not production ready yet
  ◦ This effort was a “see if it can be done”
  ◦ Now that we know it can, we need to move to the next level
  ◦ Automated build process integration
  ◦ Full regression testing
  ◦ NHIN Conformance testing
  ◦ Performance and Stress testing
  ◦ 24/48/96 hour Burn-In
  ◦ Clustering
  ◦ Etc.

Demo
Stand-alone installation
  ◦ Successful Deployment and Server Start Up
  ◦ Updated SoapUI Tests
Gateway to Gateway (2 Servers)
  ◦ WebSphere to Glassfish
  ◦ WebSphere to WebSphere
Open Discussion (Q&A)