I've seen so many requests as to how to get IBM's WebSphere to play nice with secure HTTPS based Web Service calls. I finally sat down today and loaded up IBM's WebSphere Application Server (v1.5.2) to try to get to the bottom of what is causing everyone so much grief.

My goal was to build an iControl app in WebSphere that could make secure calls to the BIG-IP using Apache Axis (v1.3) as the SOAP library. WebSphere includes Axis 1.0.2 but I'd recommend using a more up-to-date version in your deployment.

After about 20 minutes of trying to figure out the GUI, the creation of a simple console utility, and how to add external libraries to the project I finally had it. Here's the steps I went through.

  • 1. install WebSphere 5.1.2
  • 2. Create iControl jar file    
    • a extract the iControl SDK
    •       
    • b. cd {sdk_root}/sdk/samples/soap/java/apache/axis
    •       
    • c. edit setenv.bat with local java settings
    •       
    • d. run make.bat to create the binding sources
    •       
    • e. cd bindings/iControl
    •       
    • f. javac -classpath .. *.java
    •       
    • g. javac -classpath .. holders/*.java
    •       
    • h. cd ../..; mkdir obj; cd obj
    •       
    • i. xcopy ../bindings/* . /s /e
    •       
    • j. del /s *.java
    •       
    • k. jar cvf iControl.jar iControl
    •    
  • 3. Create new project in WebSphere
  • 4. Load up one of the sample files
  • 5. Add the following external libraries to the project
  •    
    • {from WebSphere's runtime}          
      • ibmjsse.jar
      •             
      • xml.jar
      •          
    •       
    • {from axis}          
      • activation.jar
      •             
      • axis.jar
      •             
      • commons-discovery.jar
      •             
      • commons-logging.jar
      •             
      • jaxrpc.jar
      •             
      • mail.jar
      •             
      • wsdl4j-1.5.1.jar
      •          
    •       
    • {from sun}          
      • saaj.jar
      •          
    •       
    • {iControl}          
      • iControl.jar
      •          
    •    
  • 6. Add the following to the java.security file in your WebSphere runtime

    security.provider.3=com.ibm.jsse.IBMJSSEProvider

    This was found in this technote from IBM:

    java.net.SocketException: Algorithm SSL not available

  • 7. Compile and run

The trick really was finding out which combination of jar files from which distribution to combine together to avoid all the runtime errors. I think my list above about covers it. Also, the default java.security file doesn't contain the IBMJSSEProvider so that needed to be added. Funny thing is that it was added to a version of that file in one of the runtimes in the distribution, just not the default one. Odd...

Hopefully this helps others out there...

-Joe

[Listening to: Surrender - U2 - War (05:34)]