XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

Abstract

ShowTable of Contents

HideTable of Contents

1 Introduction
2 Create a UpdateSite Application
3 Import the UpdateSite
4 Set the Notes.INI variable - OSGI_HTTP_DYNAMIC_BUNDLES
5 Restart the server or the Http task
6 Plugins not persisted on the server
7 Security Safe Guards with this Deployment method
8 Conclusion

Introduction

With Domino 8.5.3 and the IBM XWork Server the XPages Extension Library can be deployed using a UpdateSite database (updatesite.ntf). This makes it easier to deploy or update the XPages Extension Library without the need to manually copy the plugins in each Domino Server. This NSF based OSGi bundles that are dynamically contributed to the OSGi runtime. For the NSF, we will leverage the standard updateSite.ntf template.

This new feature is optional and simple to use. By default the dynamic contribution is turned off. To enable it a variable must be added to the notes.ini that will contain the database paths that are allowed to contribute dynamic plugins - OSGI_HTTP_DYNAMIC_BUNDLES=updateSite1.nsf,foo/updateSite2.nsf. For each database specified in OSGI_HTTP_DYNAMIC_BUNDLES, a database based on the updateSite.ntf template needs to be created by the trusted administrator of the server who then can creates replicas in all the servers (upon which the about variable must be set) of the cluster or domain. This enables the deployment of Extension Library almost seamlessly.

Create a UpdateSite Application

For the server’s Administrator the steps to enable this feature are straight forward, though configured in a number of places. The first is to create a database on the server using the Eclipse Update Site ( updateSite.ntf) template.

Select File – Application – New.

This will launch the New Application dialog. From here select a server to where the application is to be created. Then on the same dialog select a server upon which the updateSite.ntf template resides.

Selecting the OK button on this dialog creates the application. Then it is a matter of modifying the application’s access control list for those who are to be allowed to create documents, and so add plugins to the server. Modifying the ACL of the databases to only allow (Author Access at a minimum) trusted users. Everyone else has no access. It is also recommended that "Do not show in Open application dialog" flag is set on the database.

Import the UpdateSite

The application is now ready to begin deploying an XPages Extension Library. On the main view, Main Features, select the ‘Import Local Update Site’ button. This will launch a dialog that allows for the selection of a site.xml file from an Eclipse plugin project.

For the Extension Library this is located in the updateSiteOpenNTF.zip file, which when extracted will contain two folders, ‘features’ and ‘plugins’, and the site.xml. The updateSiteOpenNTF.zip file can be found in the release of the Extension Library that can be downloaded from http://extlib.openntf.org.

Selecting this file and pressing the OK button begins the import process.

And once completed the view of the update site database will be updated with a document representing the import of the plugin.

The default state of the updateSite once installed is for it to be enabled. This same project document can be disabled as well which means that they will not be picked up by the OSGi runtime when the server Http task has been restarted. The same project document can tell the user a lot of information about the updateSite installed, most importantly the project version number.

Set the Notes.INI variable - OSGI_HTTP_DYNAMIC_BUNDLES

All that is left to do here is to put the reference to this Update Site database in the Notes.ini - OSGI_HTTP_DYNAMIC_BUNDLES=updateSite1.nsf – for the example above. And as long as this same notes.ini variable is set on other Domino servers this application can be replicated to these servers and the Extension Library will be deployed here as well.

Restart the server or the Http task

When the notes.ini variable is changed, the Domino server or the server’s http task will have to be restarted using ‘Restart Task HTTP’ command on the server’s console. When the server is restarted the following message will appear on the server console indicating that the NSF based plugin is being installed on the server

restart task http

	29/11/2011 11:43:18 Domino Off-Line Services HTTP extension unloaded.

	29/11/2011 11:43:18 XSP Command Manager terminated

	29/11/2011 11:43:20 HTTP Server: Shutdown

	29/11/2011 11:43:23 HTTP Server: Using Web Configuration View

	29/11/2011 11:43:31 JVM: Java Virtual Machine initialized.

	29/11/2011 11:43:31 HTTP Server: Java Virtual Machine loaded

	29/11/2011 11:43:32 HTTP Server: DSAPI Domino Off-Line Services HTTP extension Loaded successfully

	29/11/2011 11:43:35 HTTP JVM: CLFAD0330I: NSF Based plugins are being installed in the OSGi runtime. For more information please consult the log

	29/11/2011 11:43:53 XSP Command Manager initialized

	29/11/2011 11:43:54 HTTP Server: Started

What happens here when the server is restarted is that the OSGi launcher will introspect the updateSite dbs, automatically detect the features and dynamically load the associated plugins in the OSGi runtime. Internally, the OSGi launcher references each plugin using a url with a proprietary protocol that knows how to access the attachment plugin.

The url format is: osginsf://

For example: osginsf:updateSite.nsf/1234567890/com.ibm.extlib.demo_1.0.0_02102011.jar

Plugins not persisted on the server

It should be noted here that the plugins, deployed in this way are not physically installed in the Domino server and that once the http task is shutdown, they are not persisted anywhere in the server. And if there are more than one version of same feature, the Domino OSGi launcher will use the latest version. It will only compare the major, minor and service part of the version. If two features have the same major, minor and service, then the Domino OSGi launcher will rely on the last modified date of the feature document.

Security Safe Guards with this Deployment method

So deploying the NSF plugins is easy but this doesn’t mean that anyone can import plugins to the server. A number of security safe-guards are built in to this feature. With any customer code running from NSF, there needs to be care about who and what code is to be trusted.

The first layer of security is that the server’s administrator can enable/disable NSF based plugin contributions. By default the feature is disabled, to enable it the administrator uses the OSGI_HTTP_DYNAMIC_BUNDLES notes.ini variable containing the list of comma separated NSF paths that are authorized to contribute dynamic plugins.

The next layer of security is the ACL of the each database. One would need sufficient access to post the plugins in the database.

The OSGi runtime will perform document signature checking. Documents storing the plugins and fragments must be signed. If they are not signed or the signature has been tampered with, the OSGi runtime will not load them and a warning message will be added to the log.

For the plugin/fragment to be loaded, the person who signed the document must be included in the "Sign or run unrestricted methods and operations:" field in the security tab of the server document. If that's not the case, the OSGi runtime will add a warning to the log and the plugin will not be loaded.

Conclusion

Deploying the XPages Extension Library or any other extension library has never been easier.

Article information

Category:

XPages Extensibility API

Tags:

XPages Extension Library, 8.5.3, IBM XWork Server, tutorials

This Version:

Version 5

March 10, 2012

6:43:58 AM

by Mark Leusink

Attachments (0)

Versions (5)

Comments (19)

Submitted by Randal W. Oulton on Mar 12, 2012 4:50:05 AM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

Where do I get a file called UpdateSite.zip for 8.5.3 Domino server? The directions skip right on by that point.

Googling is bringing up signs that there might be an UpdateSite.zip file somewhere on the openntf site -- I haven't gone there to look for it, because this IBM page says *not* to use it:

http://infolib.lotus.com/resources/domino/8.5.3/doc/designer_up1/en_us/DominoDesignerXPagesExtensionLibrary.html#Admin

"However, an http://extlib.openntf.org install is not supported. Applying the upgrade pack to 8.5.3 is the recommended process unless experimental features are desired. "

Submitted by Randal W. Oulton on Mar 8, 2012 6:24:10 PM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

"For the Extension Library this is located in the updateSite.zip file, "

Eh? What updateSite.zip file? Where do you get it from?

Submitted by Robert F Harwood on Jan 12, 2012 3:13:54 PM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

Checked comments 1/12

Submitted by Stephen Medure on Dec 7, 2011 3:15:52 PM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

I created the update site, now I'm trying to use it to install the features in Designer and I get this message. What does it mean? I can access the updates site from a web browser and see the plugins listed. Why is the designer client having issues.

CWPPR0031W: The requested provisioning operation(s) completed with partial success.

Network connection problems encountered during search.

Unable to access "http://myserver.com/xpagesextlib.nsf/site.xml".

Error parsing site stream. [White spaces are required between publicId and systemId.]

White spaces are required between publicId and systemId.

Error parsing site stream. [White spaces are required between publicId and systemId.]

White spaces are required between publicId and systemId.

Submitted by Mark Leusink on Nov 10, 2011 3:40:23 AM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

A tip:

I added the OSGI_HTTP_DYNAMIC_BUNDLES=UpdateSite.nsf to the notes.ini using the server's Configuration document. After restarting the server (a couple of times - it's just a test server) I got (OSGI) messages in the console about an invalid database replica id.

After some investigation I discovered that the parameter was added to the notes.ini, but the application path was lowercased. Since the server is running on Linux (CentOS) it couldn't find the application.

So: either directly edit the notes.ini or (if you do use a configuration document) use a lowercased application name.

Submitted by Programmer ByDay on Nov 1, 2011 5:08:43 PM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

I just imported the new update site "8.5.3.20111027-1245" into my udpatesite,nsf. I now have many duplicate features listed in the updatesite nsf (both the "8.5.3.20111027-1245" and older "8.5.3.20111013-1854" versions appear). Is this ok? Should I disable the older duplicate features in the updatesite nsf or is it ok for both to be enabled? Thanks in advance.

LIST AFTER INSTALLING VERSION "8.5.3.20111013-1854"

Feature Version

Apache Wink Feature 1.1.2

Designer Extension Library Tooling Feature 8.5.3.20111013-1854

Domino Sample REST Service Feature 8.5.3.20111013-1854

Domino Wink Feature 8.5.3.20111013-1854

Domino Wink REST Service Feature 8.5.3.20111013-1854

Extended Components Library for XPages Extension Feature 8.5.3.20111013-1854

Extension library feature 8.5.3.20111013-1854

Extension library feature 8.5.2.201110020207NTF

Extension Library Relational Feature 8.5.2.201110020207NTF

%feature.name 8.5.3.201110020207NTF

LIST AFTER INSTALLING CURRENT VERSION "8.5.3.20111027-1245"

Feature Version

Apache Wink Feature 1.1.2

Designer Extension Library Tooling Feature 8.5.3.20111027-1245

Designer Extension Library Tooling Feature 8.5.3.20111013-1854

Domino Sample REST Service Feature 8.5.3.20111013-1854

Domino Wink Feature 8.5.3.20111027-1245

Domino Wink Feature 8.5.3.20111013-1854

Domino Wink REST Service Feature 8.5.3.20111027-1245

Domino Wink REST Service Feature 8.5.3.20111013-1854

Extended Components Library for XPages Extension Feature 8.5.3.20111027-1245

Extended Components Library for XPages Extension Feature 8.5.3.20111013-1854

Extension library feature 8.5.3.20111027-1245

Extension library feature 8.5.3.20111013-1854

Extension library feature 8.5.2.201110020207NTF

Extension Library Relational Feature 8.5.2.201110020207NTF

%feature.name 8.5.3.201110020207NTF

Submitted by Paul S. Withers on Oct 30, 2011 6:34:47 PM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

If you get the object variable not set and Domino Designer is open, try closing Designer, closing Notes and restarting just Notes. God knows why, but it works. Thanks to Paul Calhoun for letting me know abut that

Submitted by Jorgen PA Lonnborn on Oct 24, 2011 5:37:19 AM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

Im trying to install using the above instructions.

When I click "Import Loca Update Site" and selecte the site.xml I immediately get this error message:

Object variable not set (#91) in:

dlgimportsite: click (line9)

Additional Info:

C:\Lotus\Ext\updateSiteOpenNTF\site.xml

Any idea what I do wrong?

Submitted by Jorgen PA Lonnborn on Oct 24, 2011 5:14:54 AM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

Im trying to install using the above instructions.

When I click "Import Loca Update Site" and selecte the site.xml I immediately get this error message:

Object variable not set (#91) in:

dlgimportsite: click (line9)

Additional Info:

C:\Lotus\Ext\updateSiteOpenNTF\site.xml

Any idea what I do wrong?

Submitted by Leif Lagebrand on Oct 18, 2011 5:30:55 AM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

Do I have to uninstall prevoius Ext.Lib files (copied to server) before I use this process?

Submitted by Paul Hannan on Oct 17, 2011 3:49:45 PM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

@Danial,

Were both extlibs which you had loaded of the same version?

But, yes, you don't need to go near the file system with this method of deploying the Extlib.

Submitted by Daniel Lindskog on Oct 17, 2011 7:38:14 AM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

In the case of the ExtLib release this worked fine.

When I did the server command: tell http osgi ss com.ibm.xsp.extlib I could see all the new plugins loaded from the updatesite as well as the old ones from disk.

Just for clarity I removed the disk plugins and restarted the http and it seems to works great.

Thank you for this!

Submitted by Paul Hannan on Oct 17, 2011 4:22:21 AM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

@Dwain, this is a Domino 853 feature as well.

@Sean, I should have been more clear on the ACL setting, I'll tidy that up. Though it's worth remembering here that regardless of what access level the user has in the ACL it's only names listed in the 'Sign or run unrestricted methods and operations' field of the server document who ultimately have the power to run the extlib on the server

Plus, I'll put in a extra clarification on the extracting the contents of the updateSite zip file too.

@Ulrich, you will see different features available with each Extension Library version - hopefully more as time goes on. And yes you will see some with the placeholder for feature names - %feature.name but this shouldn't be of concern to you as long as the functionality works at runtime. We've corrected this in the latest version of the ExtLib and I will use that to update the article.

Thank you all for your feedback.

Submitted by Ulrich Krause on Oct 16, 2011 7:52:47 AM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

Followed the steps in this article but got a different result. I now have 5 documents under the Build category in the main view. And some of them only have a placeholder like %feature.name for the feature label and description. I used the latest release for ExtLib 8.5.3 from OpenNTF

Any idea, what went wrong? Tried several times. Always same result.

Submitted by Ulrich Krause on Oct 16, 2011 7:40:57 AM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

Any idea, what went wrong? Tried several times. Always same result.

Submitted by Ulrich Krause on Oct 16, 2011 7:24:50 AM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

Any idea, what went wrong? Tried several times. Always same result.

Submitted by sean cull on Oct 16, 2011 6:19:52 AM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

Note to those ( like me ) not familiar with plugins. When you upload site.xml you must do it from an folder that also contains the other elements of the zip that it came in e.g extract the contents of updateSite.zip to a folder and THEN upload site.xml. You do not get an error message if the files referenced inside site.xml cannot be found e.g.

Submitted by sean cull on Oct 16, 2011 4:36:49 AM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

Minor point but the article says "Everyone else has no access". The default setting on the template is anonymous = reader.

It might not be clear if everyone includes anonymous

Submitted by Dwain A Wuerfel on Oct 14, 2011 8:07:09 AM

Re: XPages Extension Library Deployment in Domino 8.5.3 and IBM XWork Server

Is this only able to be accomplished using the new xWork server?

Copy and paste this wiki markup to link to this article from another article in this wiki.

Link:

Version ComparisonCompare version with version
	Version	Date	Changed by	Summary of changes
	This version (5)	Mar 10, 2012 6:43:58 AM	Mark Leusink	updateSite.zip is now called updateSiteOpenNTF.zip (since the January ...
	4	Nov 29, 2011 6:52:31 AM	Paul Hannan
	3	Oct 16, 2011 1:11:40 PM	Jens H Polster	fixed typo in headline 'security safe gaurds with this deployment meth...
	2	Oct 6, 2011 7:09:34 AM	Paul Hannan
	1	Oct 6, 2011 7:02:47 AM	Paul Hannan