|
| Problem | Things to check if the WebSphereŽ Control Program (wscp) tool works before enabling security, but stops working after enabling security. | | | | Solution | BackgroundThe WSCP tool works fine before enabling security. However, after enabling security (which by default enables SSL between the administrative tools and the administrative server) you see the following exceptions:
com.ibm.ejs.sm.client.RepositoryOpException: Failed to create
InitialContext : Error during resolve
at
com.ibm.ejs.sm.ejscp.ClientRepository.<init>(ClientRepository.java:150)
at
com.ibm.ejs.sm.ejscp.EjscpExtension.init(EjscpExtension.java:113)
at tcl.lang.JavaLoadCmd.cmdProc(JavaLoadCmd.java:129)
at tcl.lang.Parser.evalObjv(Parser.java(Compiled Code))
at tcl.lang.Parser.eval2(Parser.java(Compiled Code))
at tcl.lang.Interp.eval(Interp.java:2042)
at tcl.lang.Interp.eval(Interp.java(Compiled Code))
at com.ibm.ejs.sm.ejscp.WscpShell.main(WscpShell.java(Compiled
Code))
Failed to load extension : EjscpExtension
-
The AdminServer runs as non-root.
=============================================================
Here is the scenario:
1. Install WebSphere Application Server. 2. Create a keyring.class for the Application Server following instructions in article 5.5.7.3 of the InfoCenter. We called our keyring the DummyKeyring.class so we didn't have to change property files and the CLASSPATH should already be set correct. 3. Enable global security, forces SSL between the administrative tools and the administrative server. 4. Invoke wscp.sh -> error.
Note: LDAP has nothing to do with the problem. Fixed the error/problem by changing the setup of the CLASSPATH in wscp.sh like this:
# Setup the classpath WAS_CP=$WAS_HOME/lib/jacl.jar WAS_CP=$WAS_CP:$WAS_HOME/properties <-- This line was moved up WAS_CP=$WAS_CP:$WAS_HOME/lib/tcljava.jar WAS_CP=$WAS_CP:$WAS_HOME/lib/ibmwebas.jar WAS_CP=$WAS_CP:$WAS_HOME/lib/ejscp.jar WAS_CP=$WAS_CP:$WAS_HOME/lib/xml4j.jar WAS_CP=$WAS_CP:$WAS_HOME/lib/ujc.jar WAS_CP=$WAS_CP:$WAS_HOME/lib/ejs.jar WAS_CP=$WAS_CP:$WAS_HOME/lib/console.jar WAS_CP=$WAS_CP:$WAS_HOME/lib/admin.jar WAS_CP=$WAS_CP:$WAS_HOME/lib/repository.jar WAS_CP=$WAS_CP:$WAS_HOME/lib/tasks.jar WAS_CP=$WAS_CP:$WAS_HOME/lib/servlet.jar WAS_CP=$WAS_CP:$WAS_HOME/lib/sslight.jar WAS_CP=$WAS_CP:$JAVA_HOME/lib/classes.zip WAS_CP=$WAS_CP:$JAVA_HOME/lib/tools.jar export CLASSPATH=$WAS_CP
=============================================================
This error was a result of a combination of using the name 'DummyKeyring' (same as the WebSphere default name) for their keyring, and the difference in classpath settings in WebSphere:
Since they used the name DummyKeyring, they needed to have their version of DummyKeyring in the classpath before ujc.jar where the Application Server version of this file is located. In wscp.bat, properties comes after ujc.jar but in admin.config, it comes before. If a different class name had been used and the sas.server.props and sas.client.props had been updated, they would not have encountered this. | |
| |
| |
|
Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Security Operating system(s): AIX Software version: 3.5.4 Reference #: 1047180 IBM Group: Software Group Modified date: 2003-12-15
(C) Copyright IBM Corporation 2000, 2004. All Rights Reserved.
|