J2EE Classloading

A good article that describes websphere classloading policies ... PARENT_FIRST, PARENT_LAST etc...

J2EE Class Loading Demystified

A Look At The Java Class Loader

Turn Off WAS Global Security

If you happen to forget WebSphere administrative console password, or are locked out due to user registry problems etc and cannot login to your admin console, you may want to turn off WebSphere Application Server global security from outside the administrative console so that you can login to admin console. To do so you can either change the security.xml file of WAS or use the wsadmin tool for it.
Using WAS command-line client wsadmin (run with root privileges):
1. Open a connection to local WAS in offline mode

wsadmin -conntype NONE

2. Turn off global security

wsadmin> securityoff

3. Save

wsadmin> $AdminConfig save

Originally documented by Bill Higgins and Bobby Woolf.The only other alternative is to modify the WAS_HOME\config\cells\cellname\security.xml file in your was directy

TAM Configuration

Tivoli Access Manager Configuration Steps for using AznAPI:
1.) Configure AMRTE
2.) Configure AMJRTE (This will install the necessary library files on the system.)
3.) Use SvrSslCfg to create the properties and keystore files.
4.) Copy the .properties file to PDPerm.properties file in websphere java/jre directory.
5.) Make sure the .properties file points to the correct keystore(.ks) file.

Co-locating Tivoli Access Manager with websphere
1.) Configure AMRTE
2.) Configure AMJRTE
3.) Configure AM Authz Server
4.) Use SvrSslCfg to obtain the appropriate properties and keystore files and copy them to the appropriate directories as mentioned above.
5.) Use the local authz server while using SvrSslCfg. Alternatively just modify the "appsvr-authzsvrs" variable in the properties file to point to the local authz server.
6.) While configuring the Authz Server, the AMRTE had to be re-configured. The reason for having to do so, has not been identified.
Note: If the connection to the authz server is broken in the process of authorization,then the authz server does not throw an exception but simply returns false to the authz query.

Security Attribute Propagation Security Attribute Propagation in WebSphereSecurity attribute propagation provides propagation services using Java serialization for any objects that are contained in the Subject. And since serialization problems can occur when dealing with multiple platforms Websphere application server also offers a token framework that enables custom serialization fucntionality. When a request is being authenticated, a determination is made by the login modules whether this is an initial login or a propagation login.

1. An initial login is the process of authenticating the user information, typically a user ID and password, and then calling the application programming interfaces (APIs) for the remote user registry to look up secure attributes that represent the user access rights.
   
2. A propagation login is the process of validating the user information, typically an Lightweight Third Party Authentication (LTPA) token, and then deserializing a series of tokens that constitute both custom objects and token framework objects known to the WebSphere Application Server.

Trust Associations in WAS

From Websphere Information Center.
http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1/index.jsp?topic=/com.ibm.wasee.doc/info/welcome_ee.html

Struts Error

Struts error "Cannot find bean under name org.apache.struts.taglib.html.BEAN"
Check:
1.) Improper use of a struts tag.
2.) Form bean properties not properly set.
3.) When using tiles, make sure that forms are not nested.
4.) When <html /> <html:xxxxx> is defined outside of <html:form> </html:form>