O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Liberty in IBM CICS: Deploying and Managing Java EE Applications

Book Description

Abstract

This IBM® Redbooks® publication is intended for IBM CICS® system programmers and IBM Z architects. It describes how to deploy and manage Java EE 7 web-based applications in an IBM CICS Liberty JVM server and access data on IBM Db2® for IBM z/OS® and IBM MQ for z/OS sub systems.

In this book, we describe the key steps to create and install a Liberty JVM server within a CICS region. We then describe how to best use the different deployment techniques for Java EE applications and the specific considerations when deploying applications that use JDBC, JMS, and the new CICS link to Liberty API.

Finally, we describe how to secure web applications in CICS Liberty, including transport-level security and request authentication and authorization by using IBM RACF® and LDAP registries. Information is also provided about how to build a high availability infrastructure and how to use the logging and monitoring functions that are available in the CICS Liberty environment.

This book is based on IBM CICS Transaction Server (CICS TS) V5.4 that uses the embedded IBM WebSphere® Application Server Liberty technology. It is also applicable to CICS TS V5.3 with the fixes for the continuous delivery APAR PI77502 applied. Sample applications are used throughout this publication and are freely available for download from the IBM CICSDev GitHub organization along with detailed deployment instructions.

Table of Contents

  1. Front cover
  2. Notices
    1. Trademarks
  3. Preface
    1. Authors
    2. Now you can become a published author, too!
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  4. Chapter 1. Installation and configuration
    1. 1.1 Getting your CICS region ready
    2. 1.2 zFS file system configuration
      1. 1.2.1 zFS configuration files
      2. 1.2.2 Autoconfiguration
      3. 1.2.3 zFS structure
      4. 1.2.4 zFS output files
      5. 1.2.5 zFS file permissions
      6. 1.2.6 zFS file encodings and editing tools
    3. 1.3 Setting up a Liberty JVM Server
      1. 1.3.1 JVM profile
      2. 1.3.2 Tailoring the JVM profile
      3. 1.3.3 Liberty specific options
      4. 1.3.4 IBM Language Environment runtime options
      5. 1.3.5 Creating a JVMSERVER resource
    4. 1.4 Tailoring server.xml
      1. 1.4.1 Adding Liberty features
      2. 1.4.2 Include files
      3. 1.4.3 Configuring the HTTP and HTTPS endpoints
      4. 1.4.4 CICS bundle deployed applications
      5. 1.4.5 Default web application
      6. 1.4.6 Liberty transaction log files
      7. 1.4.7 Sample server.xml file
      8. 1.4.8 Welcome page
  5. Chapter 2. Deploying a web application
    1. 2.1 Building the restapp sample
      1. 2.1.1 Obtaining the sample code
      2. 2.1.2 Creating the Eclipse projects
    2. 2.2 Deploying a web application to Liberty
      1. 2.2.1 Deployment by using Liberty dropins
      2. 2.2.2 Deployment as an application element in server.xml
      3. 2.2.3 Deployment in a CICS bundle
      4. 2.2.4 Comparison of the deployment options
    3. 2.3 Advanced deployment options
      1. 2.3.1 Shared libraries
      2. 2.3.2 Global libraries
      3. 2.3.3 Deploying a prebuilt Java archive in a CICS bundle
      4. 2.3.4 Pausing and resuming a server
  6. Chapter 3. Link to Liberty
    1. 3.1 Overview
      1. 3.1.1 Prerequisites
      2. 3.1.2 How it works
    2. 3.2 Link to Liberty sample application
      1. 3.2.1 Building the sample application
      2. 3.2.2 Sample application
      3. 3.2.3 Deploying the sample
      4. 3.2.4 Running the sample
      5. 3.2.5 Manual program definition
      6. 3.2.6 Updating a Link to Liberty program
    3. 3.3 Qualities of service
      1. 3.3.1 Transactions
      2. 3.3.2 Exception and abend processing
      3. 3.3.3 Security
      4. 3.3.4 Summary
  7. Chapter 4. Connecting to Db2 by using JDBC
    1. 4.1 JDBC overview
      1. 4.1.1 JDBC drivers
      2. 4.1.2 Data sources
      3. 4.1.3 Static and dynamic SQL
    2. 4.2 Installing the JDBC Employee application
      1. 4.2.1 Liberty features
      2. 4.2.2 Data source definition
      3. 4.2.3 CICS resources
    3. 4.3 Using JDBC type 2 connectivity
      1. 4.3.1 Configuring CICS resources
      2. 4.3.2 Configuring server.xml
      3. 4.3.3 Binding the plan
      4. 4.3.4 Running the application
    4. 4.4 Using JDBC type 4 connectivity
      1. 4.4.1 Configuring CICS resources
      2. 4.4.2 Configuring server.xml
      3. 4.4.3 Running the application
      4. 4.4.4 Container managed security
    5. 4.5 Transactional support with JDBC
    6. 4.6 Tracing JDBC
  8. Chapter 5. Connecting to IBM MQ by using JMS
    1. 5.1 Introduction to JMS
      1. 5.1.1 Java Message Service
      2. 5.1.2 Message Driven Beans
      3. 5.1.3 Java Naming and Directory Interface
      4. 5.1.4 Connection pooling
    2. 5.2 JMS sample application
      1. 5.2.1 Modifying the JMS sample application
      2. 5.2.2 Deploying the JMS sample application
      3. 5.2.3 Configuring Liberty for the JMS sample application
      4. 5.2.4 Describing the JMS updates to the JVM server profile
    3. 5.3 Required CICS resources
      1. 5.3.1 BUNDLE resources
      2. 5.3.2 URIMAP resource
      3. 5.3.3 Transaction resources
    4. 5.4 Required IBM MQ resources
      1. 5.4.1 Configuring IBM MQ Explorer
      2. 5.4.2 Defining the queues
    5. 5.5 Testing the sample applications
      1. 5.5.1 Testing the MQJMSDemo application
      2. 5.5.2 Testing the MySimpleMDB application
      3. 5.5.3 Use of the Execution Diagnostic Facility
    6. 5.6 Security
      1. 5.6.1 RACF resources
      2. 5.6.2 JMS security scenarios
      3. 5.6.3 Summary
    7. 5.7 Transport Layer Security
      1. 5.7.1 RACF resources
      2. 5.7.2 TLS debugging hints and tips
  9. Chapter 6. Configuring Transport Layer Security support
    1. 6.1 JSSE and JCE
      1. 6.1.1 Updating the JCE policy files
    2. 6.2 TLS server authentication by using a Java keystore
    3. 6.3 TLS server authentication by using a RACF key ring
    4. 6.4 TLS client authentication
    5. 6.5 Hints and tips when using TLS
      1. 6.5.1 Tracing TLS
      2. 6.5.2 Enforcing TLS for web applications
      3. 6.5.3 HTTP persistent connections
      4. 6.5.4 TLS session timeout
      5. 6.5.5 Controlling the TLS version
      6. 6.5.6 Controlling the cipher suite
      7. 6.5.7 Restricting weak algorithms
    6. 6.6 Using cryptographic hardware with JSSE
      1. 6.6.1 Cryptographic hardware
      2. 6.6.2 Cryptographic software
      3. 6.6.3 Configuring TLS to use the cryptographic coprocessors
      4. 6.6.4 Monitoring cryptographic hardware
  10. Chapter 7. Securing web applications
    1. 7.1 Overview
    2. 7.2 z/OS security configuration for Liberty JVM servers
      1. 7.2.1 Starting the angel process
      2. 7.2.2 Setting up access to the angel process
      3. 7.2.3 Profile prefix and required SAF profiles
    3. 7.3 Configuring a Liberty security registry
      1. 7.3.1 Configuring a basic user registry
      2. 7.3.2 Configuring a SAF registry
      3. 7.3.3 Configuring an LDAP registry
    4. 7.4 Authentication scenarios
      1. 7.4.1 Basic authentication with a SAF registry
      2. 7.4.2 Basic authentication by using LDAP credentials
      3. 7.4.3 Form-based login
      4. 7.4.4 Certificate-based client authentication
    5. 7.5 Authorization scenarios
      1. 7.5.1 URL-specific authorization by using EJBROLEs
      2. 7.5.2 Programmatic role authorization by using EJBROLEs
      3. 7.5.3 CICS transaction security with URIMAPs
    6. 7.6 Configuring SSO by using Lightweight Third-Party Authentication
      1. 7.6.1 Configuring LTPA
      2. 7.6.2 Disabling SSO in Liberty
      3. 7.6.3 Requiring TLS when using SSO
    7. 7.7 JSON client code with cookie printer
  11. Chapter 8. Logging and monitoring
    1. 8.1 Message and log files
      1. 8.1.1 CICS logs
      2. 8.1.2 Java logs
      3. 8.1.3 Liberty server logs
      4. 8.1.4 JVM server trace output
    2. 8.2 Monitoring tools
      1. 8.2.1 CICS statistics records
      2. 8.2.2 CICS performance records
      3. 8.2.3 CICS Performance Analyzer
      4. 8.2.4 CICS Explorer
      5. 8.2.5 IBM Health Center
      6. 8.2.6 IBM Application Metrics for Java
      7. 8.2.7 Runaway tasks
      8. 8.2.8 CICS policies
  12. Chapter 9. Port sharing and cloning regions
    1. 9.1 Sharing ports
      1. 9.1.1 Using WLMHEALTH
    2. 9.2 Cloning regions
      1. 9.2.1 Sharing application definitions
      2. 9.2.2 Sharing SSL configuration
      3. 9.2.3 Sharing feature configuration
      4. 9.2.4 Sharing LTPA keys
  13. Back cover