This document explains how to deploy a KIE Workbench distribution file (kie-wb-was8.war) on WebSphere Application Server 8.
Open the WebSphere's Administration Console http://127.0.0.1:9060/ibm/console
Then login (if you have administrative security setup)
Before deploy the war file, some server configurations are required:
Go to Servers > Server Types > WAS app servers
Go to MyServer > Server Infrastructure > Process Definition > Java Virtual Machine
Set the JVM max. heap size to a value greater than 1024 Mb. Otherwise, with the default values, WAS freezes while deploying the war.
The following settings are required in order to enable the container managed authentication mechanisms provided by the app. server.
Go to Security > Global security
Ensure the option Enable Application security is checked.
Go to Users and groups > Manage groups
Create 5 groups: admin, analyst, developer, manager, user
Go to Users and groups > Manage users
Create a single user and add to it the 5 roles above.
Go to Servers > Server types > WAS app servers > server1 > Session management> Custom properties
Add this property InvalidateOnUnauthorizedSessionRequestException = true
Register the SSL certificate from Github.com
This is needed in order to enable repository cloning from Github. This is the case of the kie-wb repository examples which are fetched from Github. To do so:
- Go to Security > SSL Certificate and Key Management > Manage endpoint security configurations
- Go to Outbound section. Go to your server node within the tree. Select the HTTP subnode.
- Go to Related Items > Key Stores and certificates
- Select the row in the table named NodeDefaultTrustStore
- Go to Additional properties > Signer certificates
- Click button Retrieve from port
- Fill out the form with these values: Host=github.com, Port=443, Alias=github.com
- Click on Retrieve signer information button, then Ok, and finally, Save to master configuration.
The application requires a datasource which must be created prior to the deployment of the WAR:
Create the JDBC provider
-
Left side panel, click on Resources > JDBC > JDBC Providers
-
Select the appropriate scope and click on the New button.
-
Fill out the form. For non-listed database types (i.e: H2, Postgres & Mysql) you need to provide the path to the JDBC driver jar plus the following class name:
+------------+-------------------------------------------------------------+ | Database | Implementation class name | +------------+-------------------------------------------------------------+ | H2 | org.h2.jdbcx.JdbcDataSource | | Postgres | org.postgresql.xa.PGXADataSource | | Mysql | com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource | +------------+-------------------------------------------------------------+
When you finish, click Ok. If there are no data entry errors, you should be back at the list of JDBC Providers, where you should now see your new provider displayed.
Create the data source
-
Left side panel, click on Resources > JDBC > Data sources
-
Select the appropriate scope and click on the New button.
-
Fill out the creation form. Set the following JNDI name jdbc/jbpm (must match the data source defined in the persistence.xml file contained in the kie-wb.war)
-
Select the existing JDBC provider you created. Click Next.
-
Keep clicking Next until Finish.
-
Save to master configuration.
-
Edit the datasource you just created and click on the Custom properties link.
-
Edit and fill the appropriate values required to set-up the connection. This depends on the database type.
+------------+------------------------------------------------------+ | Database | Datasource custom properties | +------------+------------------------------------------------------+ | H2 | URL, user, password | | Postgres | serverName, databaseName, portNumber, user, password | | Mysql | serverName, databaseName, port, user, password | +------------+------------------------------------------------------+
Create JMS Connection factories Please note that before configuring JMS Connection factories, you have to had configured Service Integration Bus first. Note: These are just example names and they can be configured as needed
-
KIE.RESPONSE.ALL - to receive all responses produced by bpms assigned JNDI name needs to be set as one of JVM custom properties (kie.services.jms.queues.response)
-
KIE.INPUT - to send messages to bpms assigned JNDI name will be used when sending messages over JMS
-
KIE.EXECUTOR - to send messages to a kie executor service assigned JNDI name needs to be set as one of JVM custom properties (org.kie.executor.jms.cf)
- Left side panel click on Resources > JMS > Connection factories > New > Default messaging provider
- Provide the name, JNDI name (e.g. KIE.RESPONSE.ALL and jms/conn/KIE.RESPONSE.ALL)
- Choose the bus name
Create JMS Queues
-
KIE.AUDIT - for asynchronous audit log
-
KIE.RESPONSE.ALL - for bpms responses
-
KIE.SESSION - for ksession based operations
-
KIE.TASK - for task based operations
-
KIE.EXECUTOR - for kie executor service assigned JNDI name needs to be set as one of JVM custom properties (org.kie.executor.jms.queue)
-
KIE.SIGNAL - for sending external signals to jBPM processes
- Left side panel click on Resources > JMS > Queues > New, select Default messaging provider
- Provide a name, JNDI name (e.g. KIE.AUDIT and jms/queue/KIE.AUDIT)
- Choose the bus name
- Choose Create Service Bus Integration Destination, follow the wizard and select the newly created queue name
- Click OK
Create JMS Activation specifications
-
KIE.AUDIT - for asynchronous audit log
-
KIE.SESSION - for ksession based operations
-
KIE.TASK - for task based operations
-
KIE.EXECUTOR - for kie executor service
-
KIE.SIGNAL - for sending external signals to jBPM processes
- Left side panel click on Resources > JMS > Activation specifications > New, select Default messaging provider
- Provide a name, JNDI name (e.g. KIE.AUDIT and jms/activation/KIE.AUDIT)
- Select Queue as Destination type, provide JNDI name of the corresponding queue (e.g. jms/queue/KIE.AUDIT)
- Choose the bus name
- Click OK
Additional JVM properties
- jbpm.ut.jndi.lookup - jta/usertransaction -- allows to look up user transaction from within non managed threads, e.g. timers
- kie.services.jms.queues.response - {JNDI_NAME} -- JNDI name of the response queue for JMS remote API
- org.kie.executor.jms.queue - {JNDI_NAME} -- JNDI name of the kie executor service JMS queue
- org.kie.executor.jms.cf - {JNDI_NAME} -- JNDI name of the kie executor service JMS connection factory
- kie.services.rest.deploy.async - false -- instructs REST service to use synchronous mode to process deployments must be set for WebSphere due to issues with CDI on WAS 8.5
- org.apache.wink.jaxbcontextcache - off -- makes sure that the websphere apache wink framework does not cache JAXBContexts. This is unnecessary for performance and also interferes with the custom-type serialization for the REST APi
Upload the WAR file
- Left side panel click on Applications > Application types > Websphere enterprise applications
- Click on Install, select the kie-wb-was8.war file from your local filesystem. Click Next
- From here, you will be asked with several deployments settings.
- You'll need to select the datasource created above as the datasource to be used by the application.
- Screen Bind listeners for message-driven beans - select for every bean Activation Specification and fill the corresponding activation specification JNDI name into Target Resource JNDI Name (e.g. jms/activation/KIE.SESSION). You may also specify Destination JNDI name using JNDI name of the appropriate JMS queue (e.g. jms/queue/KIE.SESSION).
- We also recommend to set is the context path of the webapp to kie-wb.
- Screen Map resource references to resources - for both beans provide JNDI name of KIE.RESPONSE.ALL connection factory (e.g. jms/conn/KIE.RESPONSE.ALL).
- Click Next until finished.
App. settings
Go to Applications > Application types > Websphere enterprise applications > kie-wb app > Security role to user/group mapping
- Select the five BPMS roles: admin, analyst, developer, manager, user.
- Click on Map Special Subjects and select the All Authenticated in Application's Realm option.
Go to Applications > Application types > Websphere enterprise applications > kie-wb app > Class loading and update detection
Ensure the following radio buttons are checked:
- Classes loaded with local class loader first (parent last)
- Single class loader for application
Save the configurations to the master and restart the server.
Once restarted you should be able to access the kie-wb application by typing the following URL: http://http://localhost:9081/kie-wb