ShowTable of Contents
Overview
Remote rendering in IBM® Web Content Manager
TM (hereafter called "WCM") version 7 is generally performed by use of Web Services for Remote Portlets (WSRP) support of the Java
TM Portlet Specification (JSR) 286 web content viewer. If you need to display web content from a server that is running a WCM version earlier than V7, you can install the IBM Portal API remote web content viewer. Refer to the IBM Web Content Manager v7 Infocenter topic, "
Performing remote rendering with WSRP and the JSR 286 web content viewer," for details on rendering the web content viewer portlet consumed using WSRP.
Configuring remote rendering
Here are the overall steps for configuring remote rendering of the web content viewer portlet consumed using WSRP.
- Set up Single Sign-On (SSO) between the Consumer and Producer, unless the remote rendering is for anonymous content.
- Set up security on the Producer
- Set up security on the Consumer.
- Provide the JSR 286 Web content viewer portlet as a WSRP service hosted on the remote web content server acting as the WSRP Producer and Consumer the remote web content viewer provided as a WSRP service on the portal acting as the WSRP Consumer
- Add the consumed portlet to the page and render content.
Setting up SSO between the Consumer and Provider WCM
Follow the instructions in the "
Single sign-on for authentication topic," in the IBM WebSphere® Application Server Infocenter to set up SSO between the Producer and Consumer WebSphere Portal / WebSphere Application Server. This is a required in order to be able to consume the Remote JSR 286 web content viewer portlet. If this is not set correctly, when accessing secured content in the consumed web content viewer, it will prompt you to enter the User ID and password. The WebSphere Portal wiki article,
"Setting up single sign-on for WebSphere Application Server," also provides step-by-step instructions to enable SSO.
Setting up security on the Producer
The instructions to set up security for the Producer are in the WebSphere Portal Infocenter topic, "
Configuring the Producer portal for WS-Security authentication." You can use all security tokens that WebSphere Application Server supports. The portal provides a set of sample security-token configurations that correspond to the default security profiles for the WSRP Consumer; specifically, the LTPA token, the Username token, and signed Username token. To use one of these configurations, this article follows the the fast path described in the Infocenter. Here are the steps:
- After you export the portal Enterprise Archive (EAR) file (wps.ear) and import it into an assembly tool, such IBM Rational® Application Developer (RAD), you can make the modifications required to configure your Producer portal for Web services security (WS-Security) authentication. To export, run the following command in the Producer portal from the <profile_root>\bin:
wsadmin.bat -user wpsadmin -password <password> -c "\$AdminApp export wps c:/Working/wcmwsrp/wps.ear"
2. Follow the Instructions / Documentation for the assembly tool to import the exported EAR.
3. Run the following command, and pass in the path of the directory to which you want to copy the sample files as the value for the Destination parameter:
UNIX: ./ConfigEngine.sh copy-samples -DWasPassword=password -DCategoriesList=wp.wsrp.producer -DDestination=directory in the wp_profile_root/ConfigEngine directory
i: ConfigEngine copy-samples -DWasPassword=password -DCategoriesList=wp.wsrp.producer -DDestination=directory in the wp_profile_root/ConfigEngine directory
Windows: ConfigEngine.bat copy-samples -DWasPassword=password -DCategoriesList=wp.wsrp.producer -DDestination=directory in the wp_profile_root\\ConfigEngine directory
4. Each sample configuration consists of two descriptor files, ibm-webservices-bnd.xmi and ibm-webservices-ext.xmi. Take these files from the chosen sample configuration and replace the existing files with the same name in the assembly tool project to which you have imported the EAR file in the previous step.
5. Save the project and export as an EAR file.
6. Update the Portal Application EAR in the Producer portal, using a wsadmin command, for example:
wsadmin.bat -user wpsadmin -password <password>-c "$AdminApp install c:/Sample/wcmwsrp/wps.ear {-update -appname wps -deployejb -deployejb.classpath wps_home\\base\\wp.base\\shared\\app\\wp.base.jar}"
7. Restart WebSphere Portal; security for the Producer is now complete.
Setting up security on the Consumer
The instructions to set up security for the Consumer is in the Infocenter topic, "
Preparing security for a WSRP Consumer portal." If the Producer from whom you consume WSRP services in your Consumer portal has enabled security via Web services security authentication, you must configure your Consumer portal for the appropriate WS-Security token authentication. To do this, follow these steps:
- After you export the Portal EAR file (wps.ear) and import it into the assembly tool, such as RAD, you can make the modifications required to configure your Consumer portal for WS-Security authentication. To export, run the following command in the Consumer portal from the <profile_root>\bin:
wsadmin.bat -user wpsadmin -password <password> -c "\$AdminApp export wps c:/Working/wcmwsrp/wps.ear"
2. Follow the Instructions / Documentation for the assembly tool to import the exported EAR.
3. Run the following command, and pass in the path of the directory to which you want to copy the sample files as the value for the Destination parameter:
UNIX: ./ConfigEngine.sh copy-samples -DWasPassword=password -DCategoriesList=wp.wsrp.consumer -DDestination=directory in the wp_profile_root/ConfigEngine directory
i: ConfigEngine copy-samples -DWasPassword=password -DCategoriesList=wp.wsrp.consumer -DDestination=directory in the wp_profile_root/ConfigEngine directory
Windows: ConfigEngine.bat copy-samples -DWasPassword=password -DCategoriesList=wp.wsrp.consumer -DDestination=directory in the wp_profile_root\\ConfigEngine directory
4. Each sample configuration consists of two descriptor files, ibm-webservices-bnd.xmi and ibm-webservices-ext.xmi. Take these files from the chosen sample configuration and replace the existing files with the same name in the assembly tool project to which you have imported the EAR file in the previous step.
5. Save the project and export as an EAR file.
6. Update the Portal Application EAR in the Consumer portal, using a wsadmin command, for example:
wsadmin.bat -user wpsadmin -password <password> -c "$AdminApp install c:/Sample/wcmwsrp/wps.ear {-update -appname wps -deployejb -deployejb.classpath wps_home\\base\\wp.base\\shared\\app\\wp.base.jar}"
7. Restart WebSphere Portal; the security for the Consumer portal is now complete, and it can communicate with Producer portal.
Customizing the WSRP resource proxy to forward the LTPA token on the consumer
The WSRP resource proxy can forward single sign-on cookies (LTPA, LTPA2) from the client requests to resources in the same single sign-on domain. More details can be found in
IBM Web Content Manager Infocenter. You can influence the LTPA token forwarding behavior. To do this, proceed as follows:
1. Set the following property in the HTTP Client Service: wsrp.resourceproxy.sso.domain =
Single sign-on domain.
Use this property to specify the single sign-on domain. If the WSRP resource proxy loads a resource from a host inside this domain and the client request contains LTPA or LTPA2 cookies, these are forwarded to the remote resource.
2. Restart the portal or the cluster for the new setting to become active
Performing remote rendering with WSRP and the JSR 286 web content viewer
To display web content on a portal that does not have IBM® Web Content Manager installed, you can use the JSR 286 web content viewer and the portal's WSRP support. The web content viewer can then retrieve and display content from a web content system on a different server. When using the JSR 286 web content viewer for remote rendering with WSRP, the remote web content server acts as the WSRP Producer and the portal with the web content viewer acts as the WSRP Consumer.
1. Provide the JSR 286 web content viewer portlet as a WSRP service hosted on the remote web content server acting as the WSRP Producer.
2. Consume the remote web content viewer provided as a WSRP service on the portal acting as the WSRP Consumer.
3. Configure the web content viewer to display content, just as you would configure a local web content viewer. When using the web content viewer with WSRP, settings that enable you to select content from a web content library display content from the remote web content system.
Note: Any resources required by the web content viewer, such as resource bundle files or context processor plug-ins, must be available on the remote web content server acting as the WSRP Producer.
Limitations when using WSRP with the web content viewer
- Because the concept of pages and Web content pages does not exist in WSRP, you cannot use the dynamic link broadcasting feature with web content pages. When specifying how links should be broadcast, do not select Dynamically select a web content page in the Broadcast links to field. Selecting this option has the same effect as broadcasting links to the current page.
- The use of authoring tools components or remote authoring action URLs in your web content is not supported with WSRP.
- All tagging and rating features for web content are not supported with WSRP.
- Personalization elements using selection rules based on the federated documents resource collection cannot be used with WSRP.
Troubleshooting
If any issue with rendering content, we need to gather the traces request in the technote
Collecting Data: JSR 286 Web Content Viewer for Web Content Manager V7.0 with the problem reproduced for analysis. The trace logs should provide sufficient details to isolate the issue. If still not able to isolate the issue, report the problem to IBM Support by opening a PMR and attach the collect data to the PMR. An IBM support engineer will assist on this.
About the author
Dineshbabu (Dinesh) Ramakrishnan is a Staff Software Engineer in IBM's Software Group, working with the Lotus Web Content Management team. He has over 10 years of experience working both in development and support on WebSphere Application Server, WebSphere Portal Server, and Lotus Web Content Management, and has been working on WebSphere Portal and IBM Web Content Manager since 2003. Dinesh is an IBM Certified Application Developer and IBM Certified System Administrator for IBM Workplace Web Content Management , WebSphere Portal & Lotus Web Content Management.