Meet the Experts: Kyle Brown on building and deploying J2EE applications

This question and answer article features Kyle Brown, J2EE architecture and Web services expert, who answers top questions about deploying applications on WebSphere Application Server ND and building applications with J2EE technologies using WebSphere Studio.


Kyle Brown, Senior Technical Staff Member, IBM Software Services for WebSphere

Kyle Brown is Senior Technical Staff Member for the J2EE Architecture and Web Services team. He works with some of IBM's largest WebSphere customers to help them develop best practices to solve complex business problems.

04 February 2004

IBM® WebSphere® Application Server Network Deployment delivers world-class caching, high availability, and industry-leading Web Services support on top of the base J2EE 1.3 WebSphere Application Server foundation. IBM® WebSphere Studio Application Developer is an integrated development environment for building, testing, and deploying J2EE and Web Services applications. For more information, see developerWorks WebSphere Portal zone and developerWorks WebSphere Studio zone.

We thank all of our users who submitted questions to Kyle. He has received a number of them and will answer questions within his scope in the next few weeks.

Question: What is the best way to deploy a Web Service and expose it on the Internet?

Answer: In J2EE, the best way to deploy a Web service is through the JSR-109 deployment mechanism that is implemented in WebSphere Application Server 5.02 and 5.1. JSR-109 is a part of the new J2EE 1.4 specification, and is considered the standard way for deploying Web services. Part 4: Deploying a Web Service to WebSphere Application Server describes the process of deploying a Web service in WebSphere Studio 5.0.

Question: How to set the security roles in WSAD? We are using WAS 4.0.

Answer: You did not state which version of WebSphere Studio you are using, so I will provide the instructions for V5.0. Even if you are deploying your application on WebSphere Application Server 4.0X, you should probably be using WebSphere Studio 5.0 or 5.1 for development. They both support the previous and recent versions of WebSphere Application Server. To secure a Web component in WebSphere Studio:

  1. Go to the Security page of the Web Deployment Descriptor editor.
  2. In the Security Roles tab, click the Add button to add new Security roles for this Web application.
  3. Go to the Security Constraints tab in the editor, and then add a new security constraint. Then click on the Edit button to add Web resources to the Web Resource collection.
  4. Click the Edit button next to the "Authorized Roles" list to select roles (defined in the second step) and associate them with the Web resource collection.

To secure an EJB:

  1. Open the EJB Deployment Descriptor Editor, and go to the Assembly Descriptor tab.
  2. Add your roles using the Add button under the "Security Roles" list.
  3. Click the Add button under the Method Permissions tab to associate roles with EJB methods.

The Security chapter in Enterprise Java™ Programming with IBM WebSphere, Second Edition describes both procedures in detail with screen shots.
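
Both procedures above end up as entries in the module's deployment descriptors. The fragments below are an added example, not taken from the article or the book it cites; the role names, URL pattern, bean name and method names are hypothetical, and the element order assumes the J2EE 1.3 descriptors (Servlet 2.3, EJB 2.0).

```xml
<!-- Fragment of WEB-INF/web.xml (added example; all names are hypothetical) -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Account pages</web-resource-name>
    <url-pattern>/account/*</url-pattern>
    <!-- No http-method elements here, so the constraint applies to every
         HTTP method. Listing only GET and POST would leave the other
         methods on this URL pattern unconstrained. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- The "Authorized Roles" selected in step 4 -->
    <role-name>Teller</role-name>
    <role-name>Manager</role-name>
  </auth-constraint>
</security-constraint>

<!-- The roles added on the Security Roles tab in step 2 -->
<security-role>
  <description>Branch staff who serve customers</description>
  <role-name>Teller</role-name>
</security-role>
<security-role>
  <role-name>Manager</role-name>
</security-role>

<!-- Fragment of META-INF/ejb-jar.xml (separate file, same hypothetical roles) -->
<assembly-descriptor>
  <security-role><role-name>Teller</role-name></security-role>
  <security-role><role-name>Manager</role-name></security-role>
  <!-- Method permissions: which roles may call which bean methods -->
  <method-permission>
    <role-name>Teller</role-name>
    <role-name>Manager</role-name>
    <method>
      <ejb-name>AccountService</ejb-name>
      <method-name>getBalance</method-name>
    </method>
  </method-permission>
  <method-permission>
    <role-name>Manager</role-name>
    <method>
      <ejb-name>AccountService</ejb-name>
      <method-name>closeAccount</method-name>
    </method>
  </method-permission>
</assembly-descriptor>
```

The descriptors only name the roles; which users and groups hold each role is decided when the application is deployed on the server.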

Question: Do you know if the 5.0/5.1 version supports auto-generated primary key for the cmp bean? We are using Microsoft® SQL 2000 identity column as the primary key.

Answer: We do not support auto-generated primary keys in WebSphere 5.0 or 5.1. See Chapter 24 (or 25) in Enterprise Java Programming with IBM WebSphere, Second Edition on how you can accomplish this through your own code.

Question: We have to log client transactions with our application server. We have on one machine several instances of our application running (clone) and we want to log in one file. How do we do this and avoid access problems at the same time? I've read something about log4j, but I do not know if it is appropriate. (submitted by Abdel)

Answer: This is a good question! One of the issues with clustering applications is that there is no built-in capability in WebSphere to allow for logging to a common log file across the entire cluster. In fact, your intuition is serving you well. I recommend using Log4J in this case, but I recommend solving the problem of logging to a common file by using a special Log4J appender that places log messages in a shared location. There are two ways to do this that I've seen work successfully in the field. One is to use the built-in Syslog Appender in Log4J to send messages to a shared Unix Syslog Daemon. This has the advantage of being easy to set up, but it introduces a single point of failure at the syslogd. Another is to use the built-in JMS Appender or adapt the one mentioned in Develop an Asynchronous Logging Framework using log4j with JMS and WebSphere MQ to log to a Queue or Topic in WebSphere MQ. While this requires MQ Series installed, it may eliminate the single point of failure issue through the use of WebSphere MQ clustering.

Question: When I try and access the ADMIN CONSOLE: http://elslonw33387:9090/admin/, it responds with: PAGE NOT FOUND every time. APPS SERVER V5 is running on Windows - all services are started [incl HTTP Server]. How can I debug this problem? (submitted by Terry of Elsevier Science)

Answer: There are a couple of things you can check:

  • Ensure that your application server started successfully. Look in the WebSphere/AppServer/logs/server directory (or if you named your server something else, there is another directory at that level named the same as your server) and examine the content of the SystemOut and SystemErr files. Most likely the server or the administration application (which is just another Web application) did not start successfully.
  • The administration application is not installed on your server instance.

Question: In WebSphere Studio Application Developer, we need to generate the deploy code before deploying it on test server. During this process, a lot of classes (stubs, etc) will be generated. In 5.0, it took about 30 mins to generate the deploy code for about 30 EJBs (maybe 400 EJBs, 400 minutes). It is a disaster. For every little change, you should re-generate the deploy code for 30 minutes! Lack of performance is the biggest problem of WebSphere Studio.

JBoss has a really good workaround for this: REFLECTION, REFLECTION and REFLECTION. It does not have so much impact on performance, especially in J2SDK 1.4. In the development phase, we do not need performance, we need a reliable, fast IDE. WebSphere Studio is a bottleneck in the development phase.

Another question: Why should we generate the deploy code in WebSphere Studio (in the development area) while there is a server right there (the test server) that can do that for us? Even when WebSphere Studio is unable to do this job well, in some situations, the deploy code process would fail (after that 30 mins). Studio gets errors on its own generated code while there is no error in the task view and no filter is enabled! An example of such a situation is when you use a primary key field named "id" in your entities, generating the deploy code will fail and you get the error: "duplicate local variable id" and you find out Studio has added another id field to your class! What is the workaround? Not using any field named "id" in your entities? Examples of such situations are a lot.

As a person that has been working with Studio for about 1 year, I believe most of the problems are performance related and the generating deploy code mechanism in it. How can we tell the developers: You should re-generate the deploy code for all EJBs if you want to add a finder method, wait about 30 mins to test a finder method, and at the end, it was a typing mistake. Correct it and wait again for another 30 mins!

Answer: In fact, it is the very same code that runs inside the WebSphere server that is used to generate the deployment code for WebSphere Studio. The difference is that WebSphere Studio includes a set of validators that run above and beyond what runs inside WebSphere. We have worked very hard to speed up deployment code generation. In fact, you will find deployment code generation significantly faster in WebSphere Studio 5.1 than it was in WebSphere Studio 5.0. In versions prior to 5.1, you can use the Eclipse JDT for code generation, and synchronization events for every single method change caused our code generation to slow down significantly. Thus, the larger the EJB, the longer it took. In 5.1, we rewrote that code to avoid that problem. It should be approximately 80% faster in 5.1 compared to previous versions.

Question: Can we use relation-table (link/junction table) to Map 1:M (one to many) container managed relationships, just like it is being done for Many to Many?

Answer: We do not support this feature in WebSphere. We only support 1-N through foreign keys on the "owned" side.

Question: In our development environment, we draw a base line of our code, then this base line is deployed in to a test environment, and after passing the tests, we deploy the tested war file to a production environment. The Web app configuration is different between test and production. As of V5, servlet properties can no longer be edited via the WAS console, other than maintaining two separate properties files. Is there a better way of passing configuration info to a Web app after or during deployment? (submitted by Martin S of

Answer: If I'm understanding your question correctly, then I suggest that the changes to the servlet properties are something that would best be done through an ANT script, prior to deployment either in test or production.

Question: I created datasource named sbtdatasource (jdc/sbtdatasource is my jndi name) in WebSphere Studio while running my application. It is raising exceptions like:

Resource reference jdbc/sbtdatasource could not be located, so default values of the 
following are used: [Resource-ref settings]

res-auth:                 1 (APPLICATION)
res-isolation-level:      0 (TRANSACTION_NONE)
res-sharing-scope:        true (SHAREABLE)
res-resolution-control:   999 (undefined),

It is still connecting to the database. I am trying to execute assembly.bat for configuring the assembly tool from the command prompt. Nothing is opening. How can I configure the resource reference for my datasource? (submitted by Sudhakar Rao M)

Answer: WebSphere extensions like isolation level, and standard J2EE properties like sharing scope and resolution control are specified on a Resource Reference, which is declared either in a WAR file (for resource references used by servlets or JSPs), or in an EJB-JAR file (for resource references used by an EJB). This message says that since you seem to be accessing a Resource (JDBC DataSource) through its JNDI name, rather than through a resource reference, these properties are being defaulted. I recommend that you always use resource references (for example, java:comp/env/jdbc/sbtdatasource) every time you look up a DataSource, or other J2EE resource like Queues, Topics, or QueueConnectionFactories. Not only does it make your code less likely to change when JNDI names change, but it prevents this message from occurring.

As to why you cannot open assembly.bat, I'm not sure where you're trying to execute it, or what your configuration is, so debugging that remotely is a bit difficult. However, since you are working in WebSphere Studio, you have all the tools necessary to configure your WAR, EJB-JAR and EAR files inside WebSphere Studio. You do not need to use the assembly tool. We cover configuration of DataSources and Resource references to data sources in Chapter 8 of Enterprise Java Programming with IBM WebSphere, Second Edition.
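
Declaring the resource reference this answer recommends looks like the following in the two descriptors it mentions. This is an added example, not taken from the article; jdbc/sbtdatasource is the reference name from the question, and the bean and class names are hypothetical.

```xml
<!-- Fragment of WEB-INF/web.xml: reference used by servlets and JSPs -->
<resource-ref>
  <description>Application database</description>
  <res-ref-name>jdbc/sbtdatasource</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <!-- Container: the server signs on to the database with credentials
       held in its own configuration, so no user ID or password has to
       live in application code. The message in the question shows the
       value that was defaulted instead: Application. -->
  <res-auth>Container</res-auth>
  <res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
<!-- Code looks the DataSource up as java:comp/env/jdbc/sbtdatasource -->

<!-- Fragment of META-INF/ejb-jar.xml: each bean declares the references
     it uses (hypothetical session bean) -->
<session>
  <ejb-name>AccountService</ejb-name>
  <home>com.example.AccountServiceHome</home>
  <remote>com.example.AccountService</remote>
  <ejb-class>com.example.AccountServiceBean</ejb-class>
  <session-type>Stateless</session-type>
  <transaction-type>Container</transaction-type>
  <resource-ref>
    <res-ref-name>jdbc/sbtdatasource</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
    <res-sharing-scope>Shareable</res-sharing-scope>
  </resource-ref>
</session>
```

The reference name is bound to the server's real JNDI name at deployment, which is why the code does not change when that JNDI name does.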

Question: Why is there a problem using apache-commons logging in WAS v5?

Answer: The reason is that apache-commons logging is such a useful tool, we use it internally in WebSphere! To fix your problems using it, see Integrating Jakarta Commons Logging (JCL) with IBM WebSphere Application Server V5.

Question: Which is the best way to package and deploy a .RAR file? Within the .ear file or stand alone? Also, when we install a resource archive as a resource provider, the default scope is Node. How to configure it in the cell with multiple nodes?

Answer: You should deploy RARs as standalone. A Resource Archive (RAR) is a resource adapter and not a component like a WAR or an EJB JAR. In most cases, vendors (like IBM does for CICS and IMS) should provide RARs. In WebSphere Application Server ND, you can do this by clearing the node name and hitting the Apply button to move the red arrow to the cell when you install the RAR file. The deeper question is why would you want to do that? In most cells, you do not place the same applications on all nodes, so installing a RAR file at the cell level (which would result in it being copied down to all of the nodes in the cell) would be overkill. While it might be slightly simpler from an administrative perspective on the initial installation, when the time comes to update the RAR files (perhaps installing different versions on different nodes for different application prerequisites), it could cause problems.

Question: I wanted to configure my Web application for HTTPS in WebSphere Studio. I do have one common Web module and one application-specific Web module in one ear application in WebSphere Studio 5.0.1. How to enable both of my Web modules to access all the Web pages under https protocol? It is already working under http. I do have a book on WebSphere Studio, but it says it is out of scope for that discussion.

Answer: The answer is this can be done. Testing HTTPS is outside of the accepted bounds of what you should be testing in the WTE. I strongly suggest that you read The Ideal WebSphere Development Environment. What you are suggesting is probably something that should be done in the development integration runtime environment, rather than inside the development environment.

Now, having stated that caveat, here is how you can enable HTTPS inside WebSphere Studio:

  1. Go to the configuration page of your test environment server, and go to the Ports page.
  2. Ensure that port 9443 is configured so that Enable SSL is set to "true".
  3. At this point, you can invoke any of the Web applications deployed on that server through SSL by using port 9443 and the https protocol, rather than http and port 9080. If your original url was http://localhost:9080/myapp/welcome.jsp, the new url is now https://localhost:9443/myapp/welcome.jsp.


Kyle would like to thank Dan Berg and Ron Lotter for their help in preparing this article.

About Meet the Experts

Meet the Experts is a monthly feature on WSDD. We give you access to the best minds in IBM WebSphere, product experts and executives who are waiting to answer your questions. You submit the questions, and we post the answers to the most popular questions.

