Monday, 9 April 2012

IBM Rational Application Developer and IBM WebSphere Portal - Problems with File Transfer Servlet

I saw this problem on Thursday, and wanted to share the solution.

So, whilst trying to deploy my portlet from Rational Application Developer 8.0.4 IF1 to WebSphere Portal 7.0.0.2 CF12, we saw: -

WKSP0012E "Caller is not in the required role to access restricted document(s)"

in the logs for the portal server ( /opt/IBM/WebSphere/wp_profile/logs/WebSphere_Portal/SystemOut.og ).

Looking at this old WebSphere Portal Express v6 document for inspiration


we concluded that the problem may be security-related.

The document describes how to use a JACL script - redeployFileTransfer.jacl - to correctly configure security for the File Transfer Servlet.

Having checked that we still had the script with WP7: -

$ cd /opt/IBM/WebSphere/AppServer/bin
$ ls -al redeployFileTransfer.jacl

-rwxr-xr-x 1 root root 3918 Apr  5 08:07 redeployFileTransfer.jacl

and made a note of the cell, node and server/instance names: -

Cellname GBEDFTSERH301
Nodename GBEDFTSERH301
Servername WebSphere_Portal

we ran the following wsadmin command to execute the JACL script: -

cd /opt/IBM/WebSphere/AppServer/bin
$ ./wsadmin.sh -conntype NONE -lang jacl -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationOn GBEDFTSERH301 GBEDFTSERH301 WebSphere_Portal"

WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
Uninstall filetransfer -cell GBEDFTSERH301 -node GBEDFTSERH301 -server WebSphere_Portal
ADMA5017I: Uninstallation of filetransfer started.
ADMA5005I: The application filetransfer is configured in the WebSphere Application Server repository.
ADMA5011I: The cleanup of the temp directory for application filetransfer is complete.
ADMA5106I: Application filetransfer uninstalled successfully.
Install /opt/IBM/WebSphere/AppServer/systemApps/filetransferSecured.ear -cell GBEDFTSERH301 -node GBEDFTSERH301 -server WebSphere_Portal -appname filetransfer -usedefaultbindings -nocreateMBeansForResources
ADMA5016I: Installation of filetransfer started.
ADMA5005I: The application filetransfer is configured in the WebSphere Application Server repository.
ADMA5011I: The cleanup of the temp directory for application filetransfer is complete.
ADMA5013I: Application filetransfer installed successfully.


Having undertaken this, we restarted WebSphere Portal: -

$ ~/stopPortal.sh
$ ~/deleteLogs.sh
$ ~/startPortal.sh


and the RAD to Portal deployment worked like a treat.

For the record, here's the WebSphere 7 version of the same document: -




2 comments:

Graham Bucknell said...

Thanks again Dave - very helpful!

Dave Hay said...

@Graham - no worries, always a pleasure - hope #LifeIsGood with you as well :-)

Note to self - use kubectl to query images in a pod or deployment

In both cases, we use JSON ... For a deployment, we can do this: - kubectl get deployment foobar --namespace snafu --output jsonpath="{...