I have the following requirement: I want to track all requests, that go through our WebSphere servers. We have some web applications, and some web services deployed to our servers. However, i don't want to add that tracking mechanism to each application.
Is there a possibility, to add some plugin or to create a filter for the WebSphere server, where i can read the request (i need some additional data from the request, like username, and session id for the tracking)?
Or is the only solution for that problem some kind of proxy server, which i have to put before our WebSphere server and which can process the tracking?
We are using WebSphere 8.
At first there is a kind of HTTP request logging that can be done in Websphere version 8.
From the administration console choose Servers > Server Types > WebSphere application servers > server_name > Troubleshooting > NCSA access and HTTP error logging
Once you enable Access Logging and Error Logging you have Web server like HTTP logs in the WAS logs directory.
In case you need additional information, like the HTTP headers you mentioned, you should enable the following traces:
com.ibm.ws.http.HttpConnection=finest:
com.ibm.ws.http.HttpRequest=finest:
com.ibm.ws.http.HttpResponse=finest
More on this you can find here.
Related
I have few rest services bundled to an ear and deployed to Websphere application server in PROD clustered environment(16 Websphere app server instances). IHS webserver instances are serving the incoming requests to above app servers.
I need to capture request/response details and few logs during processing of the request. In PROD the debug log is by default disabled, I need a way to enable debug logs in all app servers without any deployments.
Please suggest.
Maybe NCSA logging is what you are looking for
https://www.ibm.com/docs/en/was-nd/9.0.5?topic=application-enabling-access-logging
How can i enable SSL (two way handshake) in web application in tomcat to external application. I searched in google. But it gives a way to enable SSL between tomcat and client. But i need to enable SSL between Web app to external application (the application in tomcat calls an another rest web service). How can i do that?
EDIT
I know that we can consider that the web app as a client and external application as the server and then we can enable SSL. But i need to find a way to configure it in Tomcat. In here the external Application means, .
There are no way to do it in tomcat level. I could enable it in the application (in the server) level. I used this link to do that.
I've got a simple SPA Sprint Boot application - executable jar with embedded tomcat and looking to plug it into siteminder with preauthenticatedauthenticationprovider. Application is http://someserver:1234
Documentation states that a WebAgent is installed on a web server and that 'intercepts' requests. Would the WebAgent be deployed in a separate container? If so, how does it intercept requests? All documentation refers to this intercept, but doesn't state the mechanism.
Does it need to be deployed inside the same container to intercept requests? The only way I can think any http headers are intercepted is through proxies.
There are 2 ways to configure Web Agent.
1. Local Configuration
- Setup Agent in the sever where Applciaiton is hosted.
2. Centralized Configuration
- Setup Agent in the a web server like Apache and add proxy entries to the backend applications. this configuration intercepts each and every request going from the webagent server. I recommend this. if you have still questions drop here.
- Thanks,
Chiranjeevi
I am using dedicated server. I have hosted different HTML, PHP and wordpress websites on this server those are working perfectly.
Now I want to deploy java web application on this server. So I have installed Apache tomcat server on another port. So now I want to know how I can handle request directly from domain name to tomcat apache server.
Along with this I want to know how I can deploy multiple web applications on single tomcat. I want to know configuration to call different WAR files from tomcat.
Thank you in advance for your support.
You can use Apache as reverse proxy with the mod_proxy plugin: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
Therefore, you can handle all HTTP requests with Apache, specifying which requests shall be redirected to the Java web app in Apache Tomcat - port 8080.
Easiest way is to set up a HTTP server (apache, nginx, etc.) as a reverse proxy. Then you can map different domains to different contexts, for example:
www.domain.com -> localhost:8080/main/
www.otherdomain.com -> localhost:8080/othermain/
subdomain.domain.com -> localhost:8080/anotherwar/
For example with Nginx it would be done with a ProxyPass directive. Other HTTP servers have their own respective mechanisms.
We want to realize a SSO-infrastructure with some IBM Domino / Websphere products and one custom web application. All IBM products are configured for SSO. Therefore, the WebSphere Application Server 8 generates an LTPAToken2 after successful login in one of the IBM products. We want to achieve the same behaviour for our own custom web application. After login into this web app, a LTPAToken2 should be generated.
Therefore my question: Is it possible to generate a valid LTPAToken2 in our custom web application? Or maybe, is it possible to use the WebSphere Application Server APIs for this generation? Which steps would be nessecary to achieve this? At the moment, our custom web application is not hosted in a WAS, but on a Tomcat.
Thanks and best regards
Ben
As long as you have your application hosted on a tomcat server that is not possible. There is no open API from IBM for creating LTPA tokens.
If you would have had the same user directory and using standard Java Security Mechanisms you could move your application to WAS, where SSO is configured. Not only would it be possible, your LTPA tokens would be created on login to your web application without any further configuration.
As it seems have a solution with two different user directories, sharing the same user id but not the password, you need to take other measures to achieve SSO.
One is to have an Access manager software which handles login for all your applications,
A second solution is to write some custom code. Login into the tomcat server could generate a custom cookie. You need to write code to generate this cookie. Then you can write a TAI to intercept it on the WebSphere server thus accepting the login. The TAI would be configured in the container rather than in a separate application itself. (example)
I also assume you could solve this by writing servlet filters to handle the login, rather than a TAI.
If your Tomcat app is on the same domain as (one of) the WebSphere servers, and the Tomcat server has network access to the WebSphere instance, you could have a servlet in your Tomcat app accept credentials on its request and pass them in an outbound http request to something like /<secured app>/j_security_check on the WAS instance, record the LtpaToken2 if successful and then add a cookie with its value in the servlet response on Tomcat.
As long as the two servers are on the same domain the browser will send the cookie back if the Tomcat app links/redirects the user to a secured URI on the WAS app, and you have SSO.