Enable distributed cache and session affinity when using Secure Conversation

WebSphere Application Server provides message-level protection in a cluster environment. You can use Web Services Secure Conversation (WS-SecureConversation) for message-level protection of Java API for XML Web Services 2.0 (JAX-WS) Web services in a cluster environment.

Before you begin

A Web services request that is protected with a Security Context Token (SCT) is routed to one server in a cluster, but that SCT might have been issued or renewed by a different server in the cluster. If the WebSphere Application Server distributed cache is not configured to replicate or does not replicate quickly enough, the server processing the request might not have access to the SCT.

About this task

Perform the following high-level steps to enable distributed cache and session affinity when using secure conversation for message-level protection in a cluster environment.

Procedure

  1. Enable the distributed cache for the Security Context Token. Perform the following steps:
    1. In the Administrative Console for IBM WebSphere Application Server, click Services > Trust service > Trust Providers > Security Context Token.
    2. Select the Distributed cache check box.
    3. Click OK and then click Save to save the configuration.
  2. Create a replication domain. Perform the following steps:
    1. In the Administrative Console, click Environment > Replication domains > New.
    2. Enter a name. For example, ABCDomain.
    3. Under Number of replicas, select the Entire Domain option.
    4. Click OK and then click Save to save the configuration.
  3. Enable the dynamic cache. Perform the following steps for each server in the cluster:
    1. In the Administrative Console, click Servers > Application Servers > server_name > Container Services > Dynamic Cache Service.
    2. Select the Enable service at server startup option.
    3. Select the Enable cache replication option.
    4. Select the replication domain name that you created. For example, ABCDomain.
    5. Select the replication type as Both push and pull.
    6. Click OK and then click Save to save the configuration.
  4. Specify the distributed cache batch update interval as 100 milliseconds. Perform the following steps for each server in the cluster:
    1. In the Administrative Console, click Servers > Application servers > server_name > Java and Process Management > Process Definition > Java Virtual Machine > Custom Properties > New.
    2. Enter the com.ibm.ws.cache.CacheConfig.batchUpdateInterval property name.
    3. Enter 100 as the property value.
    4. Click OK and then click Save to save the configuration.
  5. Install and configure a Web server or proxy server that supports session affinity. The IBM HTTP Server and WebSphere Application Server proxy server support session affinity. In the WebSphere Application Server Information Center, see Communicating with Web servers for information on installing and configuring the IBM HTTP Server.
  6. Configure the client systems to send the Web services requests to the host and port where the Web server or proxy server is running. The Web server or proxy server then routes the requests to the proper cluster member.
  7. On the services that are receiving the Web services requests, which are protected by using Web Services Secure Conversation, select the HTTP transport Session enabled policy option. Complete the policy set configuration by following these steps:
    1. Add the HTTP Transport policy to the policy set that is being used by the services.
    2. In the configuration panel for the HTTP Transport policy, select Session enabled.
    3. Click OK and then click Save to save the configuration.
  8. On the client systems that are sending the Web services requests and are protected by Secure Conversation, enable the HTTP transport Maintain session property. Complete the policy set configuration or set the property programmatically. If you are using a policy set with your configuration, follow these steps:
    1. Add the HTTP Transport policy to the policy set that is being used by the clients.
    2. At the HTTP Transport policy configuration panel, select the Session enabled option.
    3. Click OK and then click Save to save the configuration.

Results

After you complete the configuration, the distributed cache and session affinity are enabled for secure conversation in a cluster environment. If the server that processes a request does not have access to the SCT, the request fails with the error: Either null SCT or invalid SCT.
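The following model is an added illustration, not IBM code and not part of the original topic. It shows why both settings matter: a request that reaches a cluster member before the SCT is replicated there fails, and session affinity keeps the request on the member that issued the token. The class names, server names, client name, and token ID are constructed, and the model assumes that a new SCT becomes visible on peer members one batch update interval (100 ms) after it is issued.

```python
# Simplified model, constructed for illustration (not WebSphere code).
# Assumption: a new SCT reaches peer caches one batch update interval after issue.
from itertools import cycle

ERROR = "Either null SCT or invalid SCT"  # error text quoted in the topic

class Member:
    def __init__(self, name):
        self.name = name
        self.visible_at = {}  # sct_id -> time (ms) the token is usable here

    def accept(self, sct_id, now_ms):
        t = self.visible_at.get(sct_id)
        ok = t is not None and now_ms >= t
        return "%s: %s" % (self.name, "OK" if ok else ERROR)

class Cluster:
    def __init__(self, names, replicate, affinity, batch_interval_ms=100):
        self.members = [Member(n) for n in names]
        self.replicate, self.affinity = replicate, affinity
        self.batch_interval_ms = batch_interval_ms
        self._round_robin = cycle(self.members)
        self._sticky = {}  # client session -> member (session affinity)

    def _route(self, session):
        if self.affinity and session in self._sticky:
            return self._sticky[session]
        member = next(self._round_robin)
        if self.affinity:
            self._sticky[session] = member
        return member

    def issue_sct(self, session, sct_id, now_ms):
        issuer = self._route(session)
        issuer.visible_at[sct_id] = now_ms
        if self.replicate:
            for peer in self.members:
                if peer is not issuer:
                    peer.visible_at[sct_id] = now_ms + self.batch_interval_ms
        return issuer.name

    def request(self, session, sct_id, now_ms):
        return self._route(session).accept(sct_id, now_ms)

def scenario(replicate, affinity):
    cluster = Cluster(["server1", "server2"], replicate, affinity)
    cluster.issue_sct("clientA", "sct-1", now_ms=0)
    return [cluster.request("clientA", "sct-1", t) for t in (10, 20, 150)]
```

Calling scenario(True, False) shows the remaining gap when only replication is enabled: the request at 10 ms lands on server2 before the token arrives and fails, while scenario(True, True) succeeds for every request.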

Example

The following example, which is a code snippet, demonstrates how to programmatically set the Maintain session property on the correct JAX-WS object:

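import java.util.Map;
import javax.xml.ws.BindingProvider;
...
// port is the JAX-WS client proxy for the service
Map<String, Object> rc = ((BindingProvider) port).getRequestContext();
...
rc.put(BindingProvider.SESSION_MAINTAIN_PROPERTY, Boolean.TRUE);
...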




Last updated: Aug 31, 2013 1:23:07 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=twbs_enablesecconvcluster
File name: twbs_enablesecconvcluster.html