Meet the experts: Jason McGee on WebSphere Application Server

This month we asked Jason McGee to answer your questions about WebSphere Application Server, J2EE, and Java. WebSphere Application Server is a Java-based Web application server, built on open standards, that helps you deploy and manage applications ranging from simple Web sites to powerful e-business solutions. Jason is chief architect for WebSphere Application Server Base/Network Deployment. For more information, see WebSphere Application Server Zone.

We appreciate and thank all the WebSphere developers who submitted questions.


Jason McGee (, Distinguished Engineer, WebSphere XD Chief Architect, IBM WebSphere Extended Deployment

Photo: Jason McGeeJason McGee is a Distinguished Engineer and Chief Architect for WebSphere Extended Deployment (XD). Previously, Jason was the Chief Architect of the Base and Network Deployment versions of WebSphere Application Server. He is a senior architect on the WebSphere Foundation Architecture Board and an associate member of the IBM Software Group Architecture Board. Jason serves as the Director of WebSphere Advanced Technologies, responsible for the productization new technologies into the WebSphere platform. Jason joined IBM in 1997 and has been a member of the WebSphere Application Server product since its inception. He helped to define the concepts of Servlets and JavaServer Pages (JSP) for processing Web presentation logic on WebSphere. Jason was responsible for the design and implementation of the Web Container in WebSphere Application Server. Mr. McGee has been heavily involved in leading the architecture for key parts of the WebSphere Application Server, including the server runtime and the XML-based systems management architecture. Jason graduated with a B.S. degree in computer engineering from Virginia Tech in 1995.

10 January 2003

Question: I continually receive the following console output in WebSphere Studio Application Developer 5.0:

Servlet Request Processor Exception: Virtual Host/WebGroup Not Found:
The web group /theme/Master.css has not been defined

The message is repeated for each of the CSS files in the application. (submitted by Jay Burrill)

Answer: The exact cause of your problem depends on your configuration, and without more information, will be hard to diagnose. However, maybe a little background information will be helpful. WebSphere supports virtual hosting for Web applications. What this means is that when a request is made to the application server, the entire URL (host, port, and URI) is used to locate the appropriate Web application to service the request. The message you are receiving is produced because the application server cannot locate a matching virtual host or a Web application that matches the URI.

To find the virtual host, the application server looks at the host and port of the incoming request. This is the host and port in the address bar of your browser, or more precisely, the host and port sent in the host header of the HTTP request. Since you are getting this message, you are getting to the AppServer so the problem may be related to the alias list of the virtual hosts in your WebSphere configuration. The virtual host information is stored in the file <install root>/config/cells/<cell name>/virtualhosts.xml . Make sure the port you are using is listed in that file.

Assuming that your virtual hosts are setup correctly and you are not having a host name or port problem, the other likely cause of this message is that the application server cannot find an appropriate Web application on the located virtual host to service the request. In other words, a Web application was not found on the correct virtual host whose context root matched the URL. In the example you gave above, the context root would have to be / or /theme . If you do not have a Web application with one of these context roots, then you get this message.

Question: When using an LDAP user registry, is there a way to programmatically obtain the host name, port, and base DN configured in the application server's security.xml file? There's some extra user attributes I'd like to fetch from the directory via JNDI and I don't like the idea of having to specify my LDAP server information twice. (submitted by SS)

Answer: This is possible, but complicated. There is no direct API that provides access to the information that you want to access. However, all of WebSphere's configuration information is available through JMX APIs, including all of the configuration information that is contained in the XML configuration files. There are public APIs provided to access to JMX and to the MBeans that are provided by WebSphere. To get started, look at the following article in the WebSphere 5 InfoCenter, Creating a custom Java administrative client program using WebSphere Application Server administrative Java APIs. This provides some good background on the basics of programmatically accessing the WebSphere administration system. For your situation, you want to access the ConfigService MBean. The ConfigService allows you to access to the server's configuration information. You want access the LDAPUserRegistry type from the ConfigService. It provides the following attributes, which should provide the information you need:

"baseDN String" 
"bindDN String"
"bindPassword String"
"hosts EndPoint*"
"ignoreCase Boolean"
"limit Integer" 
"monitorInterval Long" 
"properties Property(TypedProperty)*" 
"realm String" 
"reuseConnection Boolean" 
"searchFilter LDAPSearchFilter" 
"searchTimeout Long" 
"serverId String" 
"serverPassword String" 
"sslConfig String" 
"sslEnabled Boolean" 

Below are articles in the Information Center that provide examples of programmatically using the ConfigService:

For reference information, see MBean API Reference and product Javadoc in the product installation directory:
<install root>/web/mbeanDocs/index.html and <install root>/web/apiDocs/index.html .

Question: I'd like to know the default directory in WAS 4.0. I try to run my Web application from WebSphere Studio Application Developer. My Web project contains one servlet and one JSP. My servlet and JSP are using a properties file to read certain parameters. Where should I put that properties file for the JSP and servlet? In general, what could be the default directory to read these properties files or any other resources? (submitted by Sreenivasa Rao P)

Answer: The default directory of the server really depends on how the server is started and is, therefore, an unreliable way to load property and other resource files for a Web application. The best method to use is that prescribed by the servlet specification. Place your properties file (let's call it inside your Web application somewhere (let's say in the props subfolder of the WAR). Use the following to get an InputStream on the properties file:

InputStream in = getServletContext().getResourceAsStream("/props/");

This works regardless of the default directory of the server or the location of the Web application on the disk. It allows the properties file to remain within the application itself.

Question: How do we retrieve WebSphere 5.0 environment variables like WAS_HOME by a Java program in the run-time? I suppose we should use some WAS API to do this. Could you please let us know any reference to use WAS API? (submitted by John Wen)

Answer: Many of the WebSphere specific variables are available as system properties within the application server and you can simply use System.getProperty() to read them. For example, the WAS_HOME variable is available as the System property was.install.root . I have included a partial list of WebSphere System properties below:


Question: WebSphere Application Server 5.0 installation questions: Some of my customers still use WebSphere Application Server Advanced Edition 4.0, so I would prefer having Application Server 4.0 and Application Server 5.0 on the same machine to support them. Can Application Server 5.0 coexist with Application Server 4.0? Also, I heard that Application Server 5.0's embedded messaging component could interfere with my existing WebSphere MQ and WebSphere Studio Application Developer 5.0 installation. Please advise how to avoid this conflict. (submitted by EC)

Answer: WebSphere 4.0 and 5.0 can coexist on the same machine at the same time. There is support for configuring this built directly into the installation program for WebSphere 5 and the information on how to set up coexistence is provided in the InfoCenter. Setting up Version 4.0.x and Version 5 coexistence describes setup details. For the MQ issue, WebSphere's embedded messaging does not interfere with WebSphere MQ, but you cannot have both installed separately at the same time. If you have WebSphere MQ installed already on the system, you can configure WebSphere to use that instead of the embedded provider. For more information, see Installing WebSphere MQ as the JMS provider.

Question: I have deployed a Struts-based web application to WebSphere Application Server 5.0, and all works fine. However, once I enable Java2 Security on the server, the application no longer works, even with the proper permissions set in the WAS.policy file. Do you have a Struts-based application that works on Application Server 5.0 with Java2 Security enabled? (submitted by MervinW)

Answer: Certainly. The WebSphere 5.0 Administration Console is a Struts-based application that works with Java2 Security enabled. Unfortunately, without more information I cannot really provide a detailed answer on how to resolve your problem. Make sure that you are modifying the was.policy file in the META-INF directory of the EAR file of your application. If you have already installed the application and you are modifying the policy file, make sure you modify the right copy of the was.policy file. On installation of an application, WebSphere makes a copy of all of the metadata files in the EAR into the <install root>/config/cells/<cell name>/applications/<app name>.ear/deployments/<app name> folder. Therefore, the copy of the policy file that is actually read by the server is the following: <install root>/config/cells/<cell name>/applications/<app name>.ear/deployments/<app name>/META-INF/was.policy . Make sure this is the copy that you are modifying. Of course, if you reinstall the application with a new policy file, things will work correctly as well.

Question: Our J2EE applications are currently accessing the Domino LDAP Server for authentication via the LDAPAuthentication class that we have developed in-house. This LDAPAuthentication class uses the JNDI API to search the Domino LDAP Server. However, we are not able to use this same LDAPAuthentication class to search the Active Directory as the JNDI API is not supported by Active Directory. Is there an alternative JAVA API (supported by Active Directory) that we can use to customize our LDAPAuthentication class so as to access the Active Directory for authentication? (submitted by RS)

Answer: Active Directory supports the LDAP protocol and you can access it from Java using the standard Java JNDI APIs. The LDAP server does not really have to support the JNDI APIs, just the LDAP protocol. If you are having problems, it is most likely a configuration problem in how you are attempting to access ActiveDirectory. I have included a simple test case program to authenticate a distinguished name to an LDAP server. Make sure your LDAPAuthentication class looks basically like this. In general, you should not have to treat ActiveDirectory any differently than any other LDAP Server.

import java.util.Properties;
import javax.naming.*;   

//include the JNDI in the classpath. You should use the same JDK used by WebSphere Application server.

class wasLdapAuth 
public static void main(String[] args) 
    //***************** user information to be authenticated ********************************
    //*****************Please modify the following three properties accordingly ************
    String ldapHost= "ldap://"; //ldap host + port number
    String DN = "cn=user1, ou=Austin,o=ibm,c=us";   // DN to be authenticated 
    String password = "security";  //  DN's password     
    //***************** End of user information
    Properties props = new Properties();  
    props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");    
	//for websphere 4.0 and 5.0
    //props.put(Context.INITIAL_CONTEXT_FACTORY, "");     
	// for WebSphere 3.5 release 
    props.put(Context.SECURITY_AUTHENTICATION, "simple");     //use simple authentication mechanism
    props.put(Context.SECURITY_CREDENTIALS, password);  
    props.put(Context.SECURITY_PRINCIPAL, DN);     
    props.put(Context.PROVIDER_URL, ldapHost);  

    long start = System.currentTimeMillis();
    long end=0;
    long time =0;

        DirContext ctx = new InitialDirContext(props);
        end = System.currentTimeMillis();
        time = end - start;
        System.out.println( "authentication takes = " + time + " millis");     
        System.out.println("successfully authenticate DN: "+DN);

        catch (Exception ex)
        end = System.currentTimeMillis();
        time = end - start;
        System.out.println("Exception is "+ex.toString()); 
        System.out.println( "authentication takes = " + time + " millis");    
        System.out.println("fail to authenticate DN: "+DN);

Question: I want to start a program on server startup which does the loading of static data in to memory and some other lookup, starting a scheduler which uses the JDK1.3 Timer. In WebSphere 3.5, there is an interface ServiceInitializer which can be implemented by my startup class. This works fine and my work is done. But in version 4 and above, there is an interface CustomService which has to be implemented by the startup class. But this way I cannot use a connection from the pool or I cannot do a look up of a bean as the name server is not started. How can I make my startup class to do the lookup of the bean or a datasource in WebSphere version 4? Can I use the same ServiceInitializer interface or any other alternative? (submitted by Kiran K)

Answer: The ServiceInitializer API in 3.5 was replaced by the CustomService API in 4.0, and as you have discovered, the allowable behavior is more restricted with CustomServices. CustomServices are called earlier in the startup sequence of the server and therefore, do not have access to many of the services of the server itself. Unfortunately, there is no alternative in 4.0 that gives you the same level of access that ServiceInitializers provided. The restrictions were introduced to safeguard the server runtime and to clarify the expected behavior for initialization code in the server.

Question: To create any EJB, MDB using WebSphere Application Server 5.0, do I have to implement/extend any WebSphere specific interface/class or standard EJB interface? Does it have AccessBeans like version 4.0 (submitted by RS)

Answer: To create an EJB or a Message-driven bean (MDB), you do not have to implement or extend any WebSphere specific interface or class. These are standardized components that are part of J2EE and you simply extend or implement the standard EJB interface classes. Release 5.0 still supports a form of Access Beans that are generated by the WebSphere Studio tools to wrapper EJBs. WebSphere Studio Application Developer 5.0 supports three types of Access Beans, a data class, a copy helper, and a Java bean wrapper. For more information, see the WebSphere Studio Application Developer product documentation

Question: I am using WebSphere Studio Application Developer 4.0 with WebSphere Application Server 4.0. In Application Developer, we developed stateful/stateless session beans. Each EJB module has its own deployment descriptor. But in the deployment descriptors of the Session Beans, there is no Timeout attribute by default. Where can we set this attribute? Can we set in the indiviudal EJB modules' deployment descriptors, or do we need to set in the Websphere Application Server admin console for the entire .EAR file? Please let me know where and how to set the Timeout attribute and the exact line of code of setting details. (submitted by CK)

Answer: I assume you are asking about the timeout value for stateful session EJBs. WebSphere provides an extension that allows you to specify the timeout value per session bean in the ibm-ejb-jar-ext.xmi document. You can specify the value within either the AAT or within Application Developer. Within Application Developer, you can specify this value on the Beans tab of the EJB Deployment Descriptor editor. Select the session bean you want to edit, scroll down, and you should see a Session Timeout property under the WebSphere Extensions section of the page.

Question: What are the different TimeOuts attributes that Websphere 4.0 support, apart from Transaction TimeOut and Session bean TimeOut? In my project, the client would get a handle to a stateless session bean, which acts as a facade that calls several stateless and stateful session beans as a part of the workflow in a transaction aware environment. So in this case should the session's TimeOut be set larger than that of the transaction? Also, should stateless session bean have a TimeOut set to a much larger value than that of the beans that it calls? If so, what is the optimal max_value that the timeout can be set? Is there an algorithm that is needed to set the timeout value(s) in the above situation? (submitted by CK)

Answer: There is not a simple algorithm that you can apply. In general, the bean timeout would be larger than the individual transaction timeout. In your case, where your stateless session bean fronts a group of other session beans, the correct timeout depends on the relationship between the beans. If all of the bean instances are created together and stay together, than all of the beans should have the same timeout so that everything goes away at about the same time. If, however, the contained beans have a lifecycle that is different than the bean that fronts them, the timeouts should be set appropriately for each individual bean.

Question: Our institution of higher education operates a pre-college education program called the Internet Science and Technology Fair. Student teams complete research projects using IT tools working with online scientists and engineers. Their final research reports are developed in a Web site format and then evaluated by a panel of national judges. After six years of operating the program, it is clear we are in need of a portal solution to help make virtual teaming possible. Teams need to collaborate as they research, synthesize, communicate, develop, and report throughout the four-month competition. WebSphere Application Server appears (per the specs) to be exacly what is needed. Is there any possibility that you or someone in IBM would be willing to help us build an WebSphere education application? It will need to support thousands of students for their goal is to explore technical career opportunities. We have very little in the way of resources, but hope a project of this nature is of interest. (submitted by BF)

Answer: I would be happy to get you connected with people inside IBM who might be able to assist and contribute. Contact me through the developerWorks customer support contact at

Question: After deploying an .ear file in Websphere Application Server Advanced Edition 4.0 on the Solaris operating system, while accessing the application, it's replacing all special characters (Ü,^,¢,£) with this character, "?". These special characters are used in strings concat and while splitting the strings with the above mentioned special character set. It is recognizing them as "?" in each and every instance. This problem comes in the WebSphere Application Server Advanced Edition operating system under the Solaris operating system, but it works fine for WebSphere Application Server Windows NT. (submitted by Raja Ravindra)

Answer: This is not an issue I have heard of before. Unfortunately, I cannot really help much without more information on where these characters are located and what you are doing with them. Are they characters in a URL sent to the application server? Are they parameters of the request? When is the replace happening? It certainly sounds like an interesting problem. You can send details to the developerWorks customer support contact at .


developerWorks: Sign in

Required fields are indicated with an asterisk (*).

Need an IBM ID?
Forgot your IBM ID?

Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name

The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.


All information submitted is secure.

Dig deeper into WebSphere on developerWorks

ArticleTitle=Meet the experts: Jason McGee on WebSphere Application Server