In today's blog post we will look at some some of the questions I received from customers in regards to developing a Portal 8 or 8.5 theme.

1. How to find out which dojo classes are included in which of the modules that we define Out of the Box?

The modularized theme architecture enables you by specifying modules in the profile to combine resource requests for javascript, css stylesheets and other static resources. The theme defines a set of modules Out of the Box that you can include in your theme profile. When using dojo you know that your portlets or theme code uses certain dojo classes but the question is which of the predefined modules includes the class you need. The answer can be found in the file build-report.txt in the directory PortalServer\theme\wp.theme.dojo\installedApps\dojo.ear\dojo.war\<version>.

2. I made a change to theme_en.html or another html file in my static theme war file but why does it not become visible?

You need to hit Ctrl + F5. This will cause the correct cache headers to flow to the server and the files will be updated. The exception is for layout.html files. For the layout files you need to restart the Portal server for the change to become visible if creating an ear based theme.

3. Why are request parameters getting lost between dynamic content spot JSP's?

Portal provides an isolation between dynamic content spots - request parameters are hidden between the dynamic content spots. Parameters set in Default.jsp will be visible though throughout the different dynamic content spots. If you create a map object as a request parameter in the Default.jsp you can store and retrieve parameters in that map between the dynamic content spots.

The same holds true for externally passed in request parameters that come in e.g. as query parameters. They can be retrieved inside Default.jsp and be made available to the dynamic content spots but not be retrieved directly from within the dynamic content spots.

4. Is there a limit of how many CSS rules in a single file can be interpreted by the older versions of Microsoft Internet Explorer?

Yes - as documented here: http://support.microsoft.com/kb/262161

If you are using the theme resource aggregation Portal combines the css files for you and that can lead to larger CSS files than Microsoft Internet Explorer can handle you can influence how large the CSS files become for a single request by setting the following property in WP ConfigService:

resourceaggregation.split.css=150

5. Issues with caching of ra:collection URLs?

My colleague Stephan has recently written a great article on how to debug cachability issues with the static resource requests:

https://developer.ibm.com/digexp/docs/docs/customization-administration/debugging-cachability-issues-theme-resource-aggregator-requests/

6. Is there a quick way to get to an ear based theme?

There are a few step by step documents that document the process but for 8.5 a faster way is to leverage the sample ear based theme that is shipped in form of a paa file (Portal Application Archive) here:

http://www.openntf.org/main.nsf/project.xsp?r=project/5C8D7A764AB38B1386257CE0004AB90E

Unzip the paa file (a paa file can simply be renamed to a zip file) and browse to the WARTheme85 directory:

- in the installableApps\ear directory you will find the WARTheme85.ear file - this can be imported into Rational Application Developer or Eclipse or your J2EE development environment of choice

- in the content\xmlaccess\install directory you will find the xmlaccess script that can be used to install the theme

You can then adjust the theme as needed - e.g. define your own context root for the theme or modify the functionality.

Currently the theme paa is based upon 8.5 CF0 - if you want to use the new functionality provided with later CFs you will need to reapply those changes to your theme.

7. How can I add CTC functionality to my ear based theme?

When installing CTC (Content Templating Catalog) the webdav store is updated with various files needed for CTC. If you have a custom theme you need to redo those changes in your theme. That means copying the new files into your static war file:

- CTC folder

- ctc.json into the contributions folder

- a bunch of profiles going into the profiles directory

- CtcLayouts.json and CtcStyles.json in the system directory

For webdav themes the metadata.properties file is being updated with the following entries:

ibm.portal.shelf.style.json.ctcstyles=system/CtcStyles.json
ibm.portal.shelf.layout.json.ctclayouts=system/CtcLayouts.json

For ear based themes the metadata.properties file is not used and those properties need to be defined via XMLAccess for the theme - e.g.:

<parameter name="ibm.portal.shelf.layout.json.ctclayouts" type="string" update="set">
<![CDATA[war:MyStaticContextRoot/themes/MyTheme/system/CtcLayouts.json]]>
</parameter>
<parameter name="ibm.portal.shelf.style.json.ctcstyles" type="string" update="set">
<![CDATA[war:MyStaticContextRoot/themes/MyTheme/system/CtcStyles.json]]>
</parameter>

In today's blog post I will explain a few tips and tricks I like to use and that will hopefully help you as well.

1. Drag and Drop Deployment
With WebSphere Application Server 8 and above you can can deploy ear,war, jar and other artifacts by putting them into a monitored folder in your file system.
When updating an ear file it will automatically be deployed for you. If you remove the file the according WebSphere artifact is removed as well. You can choose the location of the folder, you can also configure additional deployment properties if you want to. If you want to deploy portlets this way you would need to leverage the predeployed portlet option since the drag and drop deployment bypasses XMLAccess. Then you would still need to register the portlets in Portal via XMLAccess but subsequent deployments that do not add portlets inside your war / ear file would not need that step.
For details please have a look at:
Pre-deployed portlets: http://www-10.lotus.com/ldd/portalwiki.nsf/xpDocViewer.xsp?lookupName=IBM+WebSphere+Portal+8+Product+Documentation#action=openDocument&res_title=Registering_predeployed_portlets_wp8&content=pdcontent&sa=true
Drag and Drop deployment: http://pic.dhe.ibm.com/infocenter/wasinfo/v8r0/index.jsp?topic=%2Fcom.ibm.websphere.express.doc%2Finfo%2Fexp%2Fae%2Ftrun_app_install_dragdrop.html

2. Faster Portal server startup
We offer two configuration tasks for improving the startup performance of your Portal server JVM. For production usage we recommend the light mode , while for development systems you can use the developer mode. The tasks are available starting with WebSphere Portal 6.1. Both tasks disable the majority of the portlets we ship out of the box and start them when you first use them.
For details please have a look at:
Developer Mode: http://www-10.lotus.com/ldd/portalwiki.nsf/dx/Setting_up_a_development_server_wp8
Portal Light Mode: http://www-10.lotus.com/ldd/portalwiki.nsf/dx/Enabling_and_disabling_portal_light_mode_wp8

Still not fast enough?
Disable Services in WebSphere Application Server that you are not using - e.g. the Internationalization Service.
Take a look at the Portal tuning guide for details: http://www-10.lotus.com/ldd/portalwiki.nsf/dx/IBM_WebSphere_Portal_V_8.0_Performance_Tuning_Guide

3. How to clone the user registry configuration between systems
If using federated security there is a shortcut to running all the different security tasks to get security enabled against the right user repositories. Since the configuration is stored within the VMM (Virtual Member Manager) configuration files and WebSphere Security itself only points to VMM, one can copy the configuration between systems if both are supposed to use the same configuration.
The relevant files are within the <Profile>/config/cells/<Cellname>/wim directory. If you are within a cluster stop all java processes, then copy the files to each node including the Deployment Manager and restart.
A few notes:
- this will only work if the admin user and group stay the same (e.g. wpsadmin and wpsadmins in the file repository)
- this does not cover running member fixer or any other adjustments typically needed after changing the security configuration
- as always you want to take backups before trying this ;)

4. Limit memory cache size
So you increased the WCM or your custom cache sizes and suddenly get memory issues? While the WebSphere configuration in the past exposed a configurable parameter for the number of entries in the cache it was possible to have huge entries that would use up so much memory that your JVM would be in trouble (Out of Memory or high garbage collection processing).
Starting with WebSphere Application Server 8 you can now also configure a maximum size limit for the used memory of the cache. This can be done in the WebSphere Application Server Admin Console in the same area you can increase the number of cache entries.

5. Figuring out who might be calling this method
Everybody was supposed to stop using this method but some code is still calling it and you can not find out which code is doing it? Or you see some System out messages but it is unclear who is printing it but it is severe enough to slow down the system?
The IBM JVM has a "trace engine" built in, which can be used to track Java methods and trigger different actions when certain method(s) execute. One of the actions is creating a javacore - that holds the stack traces. For example to trigger a javacore when MyClass.myMethod is called one would add the following JVM parameter:
    -Xtrace:trigger=method{my/package/MyClass.myMethod,javadump}
For details please have a look at:
http://publib.boulder.ibm.com/infocenter/javasdk/v6r0/index.jsp?topic=/com.ibm.java.doc.diagnostics.60/diag/tools/trace_options_trigger.html
http://wasdynacache.blogspot.com/2011/12/jvm-xdump-options-for-scenario-based.html

6. Live profiling of your system with Health Center
The IBM Monitoring and Diagnostic Tools for Java - Health Center is a lightweight tool that monitors active IBM Virtual Machines for Java with minimal performance overhead.
The Health Center suggests live tuning recommendations for Garbage Collection, profiles methods including call stacks, and highlights contended locks. This information can help
you optimize performance, improve stability and optimize system resource usage.
The tool is free and very useful - since it has a low overhead I have used it with a production JVM to see which methods are most often executed and therefore potentially need
For details please have a look at:
http://www.ibm.com/developerworks/java/jdk/tools/healthcenter/
 

Introduction

What is WebAphere Application Edition Management (AEM)?

From the WebSphere InfoCenter: Application edition management enables management of interruption-free production application deployments. Using this feature, you can validate a new edition of an application in your production environment without affecting users, and upgrade your applications without incurring user outages. You can also run multiple editions of a single application concurrently, directing different users to different editions, as the ODR maintains not only traditional application state (for example, HTTP session) affinity, but also application version affinity. The ability to queue requests is also employed with the Intelligent Management application edition function if an “atomic” application update that allows pre-provisioning of a new application version, and an “atomic” update of all users from the old application version to the new application version, is desired.

WebSphere Portal only takes advantage of application (portlet) versioning. Since the Portal servlet aggregates portlet markup, the use of ODR will not facilitate routing of certain users to particular versions of a portlet as happens with applications (e.g. servlets) in WebSphere Application Server. The main use of this function in a portal context would be the ability to quickly “roll back” from a current version of a portlet to a previous version in case errors are found or to “roll forward” when a new version is ready to deploy.

Support (or Lack There-of)

The use of AEM is officially “unsupported” in a Portal context. This is mainly due to three reasons. First is the list of caveats which immediately follow. Second is that the Portal UI screens do not have appropriate fields to support AEM versioning. Lastly is the lack of testing of this WebSphere feature.

If a problem does arise with the use of AEM, the IBM Portal support team cannot and will not accept problem reports (PMRs) that arise from arise from the use of AEM in portlets that are being deployed and managed as outlined below in this paper.

However, AEM does work in a limited fashion with WebSphere Portal. This paper shows how to use AEM along with some of the important considerations to consider before employing AEM.

Caveats

There are several caveats that must be considered when using AEM in a Portal context. Some of these include (but may not be limited to):

1) Portlet Preferences: if a new “edition” of a portlet is created, and the "new" edition adds or removes a portlet preferences, problems will arise. This is due to the way that portlet preferences are stored in the internal Portal database. Don't add or remove portlet preferences in versions of a portlet under AEM control. In other words, the external API of the portlet that is versioned should remain precisely the same.

2) WSRP: WSRP has not been fully tested and the results of changing the “producer” edition is not clear. It is suppected that this would work fine as long as the external API of the producer portlet does not change.

3) Theme module contribution: if the versioned portlet is using module contribution support, to contribute to the theme, the theme cache will have the old contribution unless you clear the theme cache when you also switch the portlet edition via AEM in WAS.

4) Portlet Cache: if the portlet cache is enabled and the AEM portlet is configured to portlet cache, you would have to manually clear out the portlet cache everytime you switch in WAS or accept that the cached version of the HTML markup might be wrong until the portlet cache times out.

5) Legal Requirements: With AEM, it may NOT be known what portlet was in use at a given point in time. Many customers have legal processes in place that require that customer to be able to clearly document what was on the site on a particular point in time. The is no provision in AEM to handle this. However, SystemOut.log files can show when a portlet version was changed. So archiving of logs can aid in this problem.

6) Portlet Eventing: if the portlet is using the JSR286 eventing API, existing page wires can break if different versions change the wiring/eventing model. Again, don't change the external API of the version(s).

7) Portlet Installation: To use AEM, you must use the “pre-deployed portlet EAR” method for installing portlets. And, just like with regular pre-deployed portlets, you cannot switch back to using the Portal GUI to deploy WAR files once a portlet is deployed as an EAR and registered to Portal using XMLAccess. If you do switch installation methods for an already registed portlet, you in an indeterminent state from which recovery might be impossible.

8) “In Use” Portlets: Just as with regular portlet deployments, updating (or changing the version of a portlet) can affect users that are currently using that portlet; particularly if that portlet was “stateful”. The “drain” feature of AEM can help with this. If the drain period is long enough, the probability that users might still be on the portlet decreases.

9) Other caveats: There might be other issues not specifically documented here. The use of AEM in a Portal context should be tested to insure it meets your needs.

Steps to Use AEM In a Portal Context

I have created a portlet call “AEMTest”. It is extremely simple and merely prints the version of itself on the browser screen. Here is the “3rd” version's HTML output:

I created this portlet in RAD. I deployed the initial version (version 1) in WebSphere Application Server as an EAR with this application.xml file:

<?xml version="1.0" encoding="UTF-8"?>

<application id="Application_ID" version="6" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_6.xsd">

<application-name>AEMTest</application-name>

<display-name>AEMTest</display-name>

<module id="Module_1458741635357">

<web>

<web-uri>AEMTest.war</web-uri>

<context-root>/wps/PA_AEMTest</context-root>

</web>

</module>

</application>

The initial version was installed on a deployment manager to a static cluster with no version specified. In the image immediately following is a screen shot from that installation:

Notice that the “Application edition” field is blank. At this point, I “started” the application from the deployment manager console. The portlet was then registered to Portal via the following XMLAccess script:

<request xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="PortalConfig_8.0.0.xsd" type="update" create-oids="true">

<portal action="locate">

<web-app action="update" uid="AEM.test.alexlang.webap" active="true" predeployed="true"> <url>file:/opt/IBM/WebSphere85/wp_profile/installedApps/aclaix85Cell/AEMTest.ear/AEMTest.war</url>

<context-root>/wps/PA_AEMTest</context-root>

<display-name>AEMTest</display-name>

<portlet-app action="update" active="true" name="com.ibm.aemtest.AEMTestPortlet.47ae6c3a35" uid="AEM.test.alexlang.portlet-app">

<portlet action="update" active="true" name="AEMTest"/>

</portlet-app>

</web-app>

</portal>

</request>

At this point, I verified the original version worked as expected.

Then, two additional editions of this application were installed. The additional versions merely change the displayed version number in the browser. However, this time the Application edition was noted as in the attached screen shot. This was for “version 2”. Similarly, “version 3” was installed.

Switching Between Versions

With multiple versions (editions) of the same portlet deployed on WebSphere, one can now switch between the “active” version of the edition using the “Edition Control Center” on the Deployment Manager. Using the “Rollout” button on the screen for the “AEMTest” application, allows one to activate and start the desired version on the cluster with one action.

In the following screen, one can see that the “version 3” of the AEMTest portlet is the active version.

In this blog I will lay out some new Administration Tips and Tricks around Digital Experience, WebSphere Portal and Web Content Manager:

IBM JDK 7.1 was shipped and can be used with version 8.5

With version 8.5 of Digital Experience during install WebSphere Application Server 8.5.5.x and JDK 7.0.0.x are deployed as prerequisites for Digital Experience.

Starting with WebSphere Application Server 8.5.5.2 Java 7.1.0.x was provided with the Application Server fix pack.

We have functionally tested 7.1.0.x and also performance tested it and saw a very slight improvement.

Version 7.1.0.x can be installed via the Installation Manager. After installing the JDK the command managesdk can be leveraged to switch the JDK used with the Digital Experience profile to 7.1.

Should multiple Digital Experience Clusters per cell be used or rather Multiple Cells be defined?

My recommendation is to not use multiple Digital Experience clusters in a single cell. While the main saving is to have a single Deployment Manager for all clusters in the cell the disadvantages far outweigh this single advantage in my eyes:
- cell wide configuration settings like for instance security configuration limit flexibility
- dynacache replication in the cell can impact performance
- challenge to administer since even scoped setting changes need to be done in the right scope
- All portal clusters must be at the same maintenance levels

Health Management with Digital Experience on WebSphere Application Server 8.5.5.x

Starting with WebSphere Application Server 8.5 new Health Monitoring features were introduced - the health monitor and health policies.

The health monitor uses health policies. A health policy is a combination of health conditions and actions. Health conditions define triggers from which the system can protect itself, for example, a memory leak. Health actions are the specific steps that the system takes when a health condition is triggered. For example, with a memory leak condition, the health action can be to restart the associated servers . A number of predefined health conditions are installed with the product. You can use the predefined health conditions to create default health policies. In addition to these broad default health policies, you can define specific policies that apply for your environment.

The health monitoring happens at the Java Virtual Machine level and can be used with Digital Experience JVMs as well.

For more details pertaining to Health Management see:

https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/cwve_odhealth.html?lang=en

Intelligent Routing:

Starting with WebSphere Application Server 8.5 in addition to the classic web server plugin and the On Demand Router a new feature was introduced - Intelligent Routing.

In the WebSphere Console you can turn on the Intelligent Routing feature for the web server plugin and from then on the Intelligent features will be enabled.

Among others the Intelligent Routing provides:

- Routing information based on events in WebSphere like stopping a server or starting an application

- Weighted Least Outstanding Requests (WLOR) load balancing

- Honoring health management features like not routing requests to a server that is in maintenance mode

For more details pertaining to Intelligent Routing see:

https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/cwve_implugin.html

SessionTimeoutFilter handling:

The SessionTimeoutFilter in Portal is only called for authenticated users. When using anonymous sessions and requiring cleanup code a J2EE session listener needs to be implemented.

For information regarding SessionTimeoutFilters see: http://www-01.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/admin-system/adauthflt.dita?lang=en

The workshop on WebSphere Portal 8.5 Administration was just published and is now available:
https://developer.ibm.com/digexp/docs/docs/customization-administration/administering-ibm-websphere-portal-8-5/
 
It offers a lot of hands-on exercises to get to know WebSphere Portal 8.5 Administration better.

Introduction

During my current SEAL engagement, my customer has a large number of team members who help maintain a large and complex Portal site. Each of the team members manages a subset of the larger site.

A reoccurring problem with this arrangement is making sure that each team member has the correct role to adequately manage their "sub-site". I've had to take a "Portal Access Control" (PAC) trace each time and figure out what role that person in question was missing that kept them from the task at hand.

The problem was happened enough now that I have automated the process and want to pass it along here.

Initial Problem

You know that you have a problem because on the browser window and likely in the SystemOut.log there is a message about not being able to complete an action due to a missing permission. The exact format of the message may vary from screen to screen, but generally the message only provides the name of the resource but not the actual role that was missing.

The goal is to find the role that user was missing for the action the user was attempting.

For example, to change the page layout on a particular page, a user needs both roles of "Editor" as well as "Markup_Editor" on that page. If the user has the role of "Editor" but not "Markup_Editor" and if this user tries to change the layout of the page, they are presented with an error dialog with the page ID and a cryptic message regarding the lack of permissions. The trick now is to figure out which role that user is missing.

Note also, that for Portal 8.5, this Portal InfoCenter page has all the required roles for various operations. In "Table 3" it shows that to change a page layout you need both Editor and Markup_Editor. However, this table is complex and hard to consume. This situation leads to a missing role that needs to be determined.

Process to Find Missing Role

We start by enabling the correct PAC trace. This trace shows all requests into PAC to find roles for a resource and whether or not a user or the groups that user is a member of have the required role for the intended operation. If PAC finds a match, it returns "true". Otherwise, it returns false.

Here is the trace that you need to set:

com.ibm.wps.ac.impl.ChildEntitlementsEngine=all: com.ibm.wps.ac.impl.FullEntitlementsEngine=all

These 2 traces record all requests to PAC for Portal and WCM articifacts to see if an appropriate role exists for the operation requested.

Here is a sample line we are interested in:

[5/16/16 13:22:36:948 MST] 00000116 FullEntitleme > com.ibm.wps.ac.impl.FullEntitlementsEngine checkExplicitPermission ENTRY ACPrincipalPumaImpl: Name: CN=1062775,OU=PEOPLE,O=aCompany,C=US, OID:[ExtIDImpl 'Z9eAe3IJQJO06MHCEJRK6CPJALU0A5QJ056L8CPJQ31T95AISK3H53AFAL91', USER, CN=1062775,OU=PEOPLE,O=aCompany,C=US, [Domain: rel]] [ObjectIDImpl 'Z6_CGAH47L00GOIB0A5TIKBAN00I6', CONTENT_NODE, VP: 0, [Domain: rel], DB: 0000-0CAA484E050062B9802A5DD2A52E00D2] 8 (ActionSet)Edit, (-1) (/ActionSet)

This line is complex, but there a couple of things that interest us. The first is the resource. In this case it's a "Page" which Portal calls a "Content_Node". It's name is "Z6_CGAH47L00GOIB0A5TIKBAN00I6". The second thing of interest is the actual user for which a role is examined. In this case it is a user whose CN is "1062775". In this particular example, PAC is looking to see if the user in question has an explicit role assignment on the resource. PAC might also check the groups of which this user is a member.

Finally, the actual roles are found between the "(ActionSet)" and "(/ActionSet)" characters. In this case, we were checking to see if the "Edit" role was present.

Notice this line has the word "ENTRY". For each "ENTRY", there will be a "RETURN" with either "true" or "false" depending on whether or not the principle (user) in question has the required role. Unfortunately, they are not on the same line. Therefore we have to use some complex Unix scripting to get what we need.

Removing Requests For Roles That Exist

Let's start by removing all the requests that resulted in a "RETURN true" which means that the user had the required role.

grep checkExplicitPermission trace.log | grep -A1 Z6_CGAH47L00GOIB0A5TIKBAN00I6 | grep -B1 "RETURN true" | grep "(ActionSet)" | cut -d ' ' -f29-31 | uniq

Let's examine this command in detail. Note that we are assuming only one active thread is doing work in this Portal. Otherwise, we also need an additional "grep" to isolate the correct thread.

1) grep checkExplicitPermission trace.log: Find all lines in the current trace that have the class "checkExplicitPermission" as noted in the line above.

2) grep -A1 Z6_CGAH47L00GOIB0A5TIKBAN00I6: Find all lines and the next line afterwards that contain the resource in question. In this case it's the page called "Z6_CGAH47L00GOIB0A5TIKBAN00I6". By getting the next line, we get the "RETURN" that includes whether the role was present or not.

3) grep -B1 "RETURN true": Only get the line and the one immediately above it where the required role was found.

4) grep "(ActionSet)": Get rid of the "RETURN" statements since we now only have "RETURN true" instances.

5) cut -d ' ' -f29-31: Only return the portion of the line with the ActionSet.

6) uniq: Only show unique role requests.

At this point we know for a particular resource what roles the interesting user had. Now we find the roles they need but don't have!

Finding the Missing Roles

Now we do a similar exercise as before but we remove all the roles that were found to exist. Here is the general command we use:

grep checkExplicitPermission trace.log | grep -A1  Z6_CGAH47L00GOIB0A5TIKBAN00I6 | sed '/(ActionSet)Edit, (-1) (\/ActionSet)/,+1 d'

1) grep checkExplicitPermission trace.log: Find all lines in the current trace that have the class "checkExplicitPermission".

2) grep -A1 Z6_CGAH47L00GOIB0A5TIKBAN00I6: Find all lines and the next line afterwards that contain the resource in question. In this case it's the page called "Z6_CGAH47L00GOIB0A5TIKBAN00I6". By getting the next line, we get the "RETURN" that includes whether the role was present or not.

3) sed '/(ActionSet)Edit, (-1) (\/ActionSet)/,+1 d': For each line that contains a role that the user already has, delete that line and the next one (which is the "RETURN" line). Not the escape of the "/" character.

4) If multiple roles already exist, pipe into a new "sed" stanza that looks like "3". So you might have a command that looks like this:

grep checkExplicitPermission trace.log | grep -A1  Z6_CGAH47L00GOIB0A5TIKBAN00I6 | sed '/(ActionSet)Edit, (-1) (\/ActionSet)/,+1 d' | sed '/(ActionSet)View, (-1) (\/ActionSet)/,+1 d'

At this point you be left with the exact statement(s) in the trace that show the ActionSet of the missing roles.

In this blog entry I will outline best practices to achieve a good performance with Portal 8.x (modular) themes.

In case an older theme is used check out the article here: https://www-10.lotus.com/ldd/portalwiki.nsf/dx/Optimizing_Portal_7_Page_Builder_Theme_for_performance

General:

The performance of the page rendering is affected both by the execution on the server as well as downloading the resources referenced by the theme and their cachability. The Portal tuning guide outlines which parameters to configure to achieve good cache headers so that the browser will not keep on downloading the same static resource and also how to enable http caching to prevent Portal from having to deliver the static resources.

The amount of javascript being parsed and executed as well as the amount of css rules that the browser has to process impact the rendering time too.

Server side processing:

- Disable JSP reloading for the theme.

- If the Default.jsp was adjusted to have a constant reload of the theme.html files via the parameter <r:param name="max-age" value="2"/> remove it for Production and Performance Test environments.

- Limit the amount of dynamic content spots. Remove default content spots that are not needed. If including JSP fragments or initialization logic note that each JSP will execute that logic if including it.

- Check how long the dynamic content spots (JSPs) take via adding timer code and try to optimize the slowest dynamic content spots by adding caching via Dynacache or local Maps.

- Try to avoid anonymous sessions in the theme.

- Disable cache propagation of theme events via adding the following parameters to the WP CacheManagerService:

In the WebSphere Integrated Solutions Console Resources → Resource Environment → Resource Environment Providers → WP CacheManagerService → Custom properties
Name:cacheinstance.com.ibm.wps.resolver.data.cache.DataSourceCache.enableRemoteInvalidation
Value: false

Name:cacheinstance.com.ibm.wps.resolver.service.PortalPocBootstrapService.enableRemoteInvalidation
Value: false

Name:cacheinstance.com.ibm.wps.spa.parser.theme.ThemeParserCache.enableRemoteInvalidation
Value: false

Name:cacheinstance.com.ibm.wps.spa.parser.skin.SkinParserCache.enableRemoteInvalidation
Value: false

Name:cacheinstance.com.ibm.wps.spa.parser.locale.LocalizationParserCache.enableRemoteInvalidation

- If calling WCM try to ensure WCM caching is enabled.

- Investigate if the Navigation can be cached across users.

Client Side Processing:

- Like any other web page on the client browser side the number of files referenced by the html as well as their size impacts the performance.

- Implement the classic web server tuning - compression, cache headers, http caching.

- Limit the resources referenced by the theme that are not aggregated (meaning not part of the profile).

- Limit the amount of different profiles as well as themes on the site since that will require a completely new download of all aggregated resources -> The only use case I see for having multiple theme profiles is if there is a major difference in the javascript frameworks being used between pages and so having all of these in one profile would slow down all pages.

- Leverage either the profile_deferred or profile_lightweight profiles as a starting point for your profiles. Try to avoid adding a vast set of files to the modules referenced by your profile. Remove sample or default modules where possible.

- If using a larger amount of images try to sprite them.

- Avoid using old versions of javascript frameworks like for instance version 1.4 of dojo.

- Try to move javascript execution from the head to the end of the rendering - by specifying a contribution as config versus head the execution is automatically moved to the end of the html processing of the page.

Starting at WebSphere Application Server version 8.0.0.2 NCSA logging can be used to log requests and their attributes like cookies, source IP as well as duration. The log format can be customized to log only the required data. This is similar to the access logging in the HTTP server. In case a network issue or problem with incoming request header is suspected it can be very helpful to see the incoming requests - especially if it is not clear what kind of logging would be needed inside the component.

More details on how to enable this can be found here (look for accessLogFormat): https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/rrun_chain_httpcustom.html

The log file size, number of historic files and location can be configured as well.

A sample log file entry with the format %h %u %t "%r" %s %b %D "%{Referer}i" "%{User-agent}i" %{JSESSIONID}C for a Digital Experience request would be:

9.27.111.45 - [02/Nov/2015:13:32:26 -0500] "GET /wps/myportal/ctcdemo/About/Overview/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8zigw0MTJycDB0N3J0MDA08LQ393PxMfQ29XA31w_EpMAky04-iQD9IAUi_AQ7gaADUH0VISUFuaIRBuqIiAIexxbY!/dz/d5/L2dBISEvZ0FBIS9nQSEh/ HTTP/1.1" 200 - 7344000 "http://thomas85cf6.rtp.raleigh.ibm.com:10039/wps/myportal/ctcdemo/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8zigw0MTJycDB0N3J0MDA08LQ393PxMfQ1Ngsz0wwkpiAJKG-AAjgZA_VGElBTkRhikOyoqAgDTiNm7/dz/d5/L2dBISEvZ0FBIS9nQSEh/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0" JSESSIONID:0000x6jZQu2dq2v_I6WLQdqjpty:-1

It includes the requesting IP, time stamp, request URL as well as response code and duration. The duration in this case was 7344000 microseconds what is 7.3 seconds for a request from a Firefox 41 browser.

Over time the amount of Web Content Manager items will grow and it is important to clean up from time to time old items that are no longer needed to guarantee a good performance and make it easier for the content authors to do their daily work. This is especially important when migrating from an earlier release.

What kind of items accumulate over time that are no longer needed and can be cleaned up?

- Drafts

- Versions

- Expired Content

- Published Projects

- References to users and groups that no longer exist

- Item history

- Deleted items

- Unused items

The following chapters outline how to deal with each of those items.

As always the following limitations apply:

DISCLAIMER OF WARRANTIES:                                                 
-------------------------                                                 
The code is provided "AS IS", without warranty of any kind. IBM shall   
not be liable for any damages arising out of your use of the sample code, even if they have been advised of the possibility of such damages. 

1. Drafts

Draft items that are not published can accumulate over time. The sample jsp below can be used to cleanup drafts that are no longer needed. The jsp can be adjusted to go against different libraries and to have a last changed check.

Download the file wcm_maintenance.zip here: wcm_maintenance.zip

The sample JSP in question is purgeDrafts.jsp inside the zip.

2. Versions

The clear versions tool can be used to eliminate versions. See the following link for details: http://www-01.ibm.com/support/knowledgecenter/SSYJ99_8.5.0/wcm/wcm_admin_clear_versions.html?lang=en

The tool allows you to specify how many versions you want to keep or the timestamp from which date on you want to delete versions.

I also recommend to change the default policy in WCMConfigService to not create versions automatically but to set it to manual to let the user decide which versions to keep.

3. Expired Content

When content expires as part of a workflow an additional action in the workflow can trigger a deletion of the content as well. If that was not done and a lot of expired content exists it can accumulate. The sample jsp below can be used to delete expired items that are no longer needed. The jsp can be adjusted to go against different libraries and to have a last changed check.

Download the file wcm_maintenance.zip here: wcm_maintenance.zip

The sample JSP in question is purgeDrafts.jsp inside the zip.

4. Published Projects

While there is not an out of box tool to delete those, the WCM API as well as the wpscript utility allow to delete published projects. The sample script below deletes all published projects that were published before August 2015. It is possible to adjust the date inside the script. To execute the script trigger the following command:

<wp_profile>/PortalServer/bin/wpscript.bat -lang jython -f /tmp/deleteProjects.py

Download the file wcm_maintenance.zip here: wcm_maintenance.zip

The file inside the zip is called deleteProjects.py.

Update: Starting with 8.5 CF10 we provide a new utility that can be configured to run in the background to delete published projects - for details check: http://www.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/wcm/wcm_config_clean_tasks.html?lang=en

5. References to users and groups that no longer exist

Users and groups are referenced in IBM Web Content Manager items to ensure that only authorized users can access the items. It is common for user names or group names to change over time.

Example 1: A user name can change due to a change in their marital status.
Example 2: A user can move from one department to another within the organization say from HR to Finance which would change the fully qualified distinguished name from CN=<firstname lastname>,OU=HR,O=<companyname> to CN=<firstname lastname>,OU=Finance,O=<companyname>

In such cases, it is necessary to change the user or group references made in an item refer to the new user or group.

Administrators can also use the member fixer task to check whether any users or groups referenced in the IBM Web Content Manager items have been renamed or deleted and fix these references.
The member fixer task checks all of the items in a specified library for references to users and groups that no longer exist in the current user repository. When run in report mode, it will report all the references to members. When run in fix mode, these references can be fixed, either by replacing them with references to members that exist, or by removing the references.

For details see: http://www-01.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/wcm/wcm_admin_member-fixer.dita?lang=en

6. Item history

Administrators can use the clear history tool to clear the history of an item.

For details see: http://www-10.lotus.com/ldd/portalwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Redbooks%3A+Building+a+Sample+Website+Using+IBM+Web+Content+Manager+7.0#action=openDocument&res_title=5.3.4_Clear_history_tool&content=pdcontent

7. Deleted Items

When items are deleted they are not completely removed to give users the chance to undo a deletion. These "deleted" items will grow over time. To finally delete an item WCM offers the Purge command. The Purge can be triggered via the user interface or via the API.

The sample jsp below can be used to purge deleted items that are no longer needed. The jsp can be adjusted to go against different libraries and to have a last changed check.

Download the file wcm_maintenance.zip here: wcm_maintenance.zip

The sample JSP in question is purgeContent.jsp inside the zip.

Update: Starting with 8.5 CF10 we provide a new utility that can be configured to run in the background to purge deleted items - for details check: http://www.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/wcm/wcm_config_clean_tasks.html?lang=en

8. Unused items

Content that is no longer used but is still around can also accumulate over time and cleaning it up will save space and improve performance and ease syndication or other staging activities. The WCM API allows you to query and delete and purge content and other WCM items.

Thanks to Chet Tuttle for all his help.

The web application bridge (WAB) uses reverse proxy technology to integrate web-based content providers, such as the Microsoft SharePoint server, with IBM® WebSphere® Portal.

By configuring WAB Web Dock portlet applications are created and can be added to a page. Those applications point to certain areas in the content provider as e.g. the Home page or a certain other URL inside the content-provider.

Often though the use case is to link to a certain page being served by a content-provider - e.g. a certain form or search URL.

WAB provides capabilities for inter-portlet communication via server side events or client side events - those are documented here: http://www-01.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/help/panel_help/h_wab_ipc.dita?lang=en

In case of existing portlets that cannot be modified to send the server side events like the WCM rendering portlet and if the portlets are not on the same page the existing eventing mechanisms fall short.

I will outline below a possible high level solution for such requirements.

Solution Outline:

A theme module will call the javascript event for the Web Dock portlet application on a page based on the target URL being passed as URL parameter. This allows to generate arbitrary URLs for content-providers.

E.g. the URL /wps/myportal/wabpage?targetURL=/form1/myform.asp would trigger the page wabpage to be opened, the javascript in the theme would trigger the targetURL to be passed to the Web Dock application portlet that then renders the according backend URL.

Solution Details:

1. Configure WAB for your content-provider as usual.

2. Create a Web Dock application and choose a good start URL - e.g. /forms.

3. Configure the client side eventing for the Web Dock application by setting "Subscribe to client side event" to "Yes" and choosing a name for the "Subscribe to event on topic" - e.g. target.

4. Add the Web Dock application to a page.

Try to see if the eventing works by calling the following javascript from the browser console:
OpenAjax.hub.publish("com.ibm.vwat.event.target","http://portalurl/backendURL");

You will need to replace the portalurl with your server url and the backendURL with the according backend context root - e.g. /form1/myform.asp.

5. Modify your theme code to read the url parameter and trigger the eventing code. Sample javascript code is below:

<script>

function getQueryVariable(variable)
{
       var query = window.location.search.substring(1);
       var vars = query.split("&");
       for (var i=0;i<vars.length;i++) {
               var pair = vars[i].split("=");
               if(pair[0] == variable){return pair[1];}
       }
       return(false);
}

window.onload=function(){

var queryParam=getQueryVariable("url");

//TBD: validate query param to prevent security issue
//e.g. if contains http or host name do not send the event - only allow relative URLs for the current server
if(queryParam!=false &&typeof OpenAjax != 'undefined' && queryParam.substring(0,1)=='/')
{
OpenAjax.hub.publish("com.ibm.vwat.event.test","http://portalurl"+queryParam);
}

};

</script>

6. Test a URL addressed to the page and add the url query parameter as relative URL.

Additional considerations:

To prevent the end user from first noticing one URL loading and then the actual backend URL loading I recommend to hide the WAB portlet and unhide it with javascript in the function in the theme module.

Test the code across the browsers that need to be supported.

Introduction

The purpose of this entry in the blog is to relate all the tips and tricks learned about using WAB.

The main purpose of WAB (Web Application Bridge) is to “proxy” web sites behind the Portal so that users that do not have to access to those sites (e.g. due to Firewall) can still use them. The only requirement is that the Portal server has access to those sites. The user browsers don't require firewall access to sites and don't require an internet proxy to get to the sites. As far as the client browser is concerned, it is only accessing the Portal URL and only needs access to that system.

If one looks at the page source for a Portal page containing a WAB portlet, one sees that the WAB portlet is an iFrame that is sourced at the Portal plus a “context root”. So, in the case of the Apache Lucene Core site, located at “http://lucene.apache.org/core”, the iFrame would have a “src=/core”. This is a relative URL back to the Portal which accesses the “/core” context root.

Context Root of the WAB Servlet

The context root of the of the WAB servlet which is set in the WAS console only serves http "GET" requests from the IHS plugin to the WAB servlet. The iframe HTML in the portal page has a relative reference to the context root of the destination site.

The easiest way to do this is just put “/” for the context root of the servlet. This ends up being a default routing; e.g. any context root not actually used by Portal itself gets sent to the WAB servlet. By making the context root “/”, the plugin-cfg.xml file generated and propagated by the Deployment Manager to the IHS node(s) is automatic.

However, using “/” has 2 negative effects:

1) No content can be served from the IHS server since all context roots will go to Portal

2) It's considered less secure to have the plugin route “/” traffic to Portal.

Therefore, if you want to serve content from IHS as well as Portal or if you want to increase security, one should manually edit the plugin-cfg.xml file to replace the “/” with all the actual context roots for WAB back-end sites. In this case, you replace the line in the plugin-cfg.xml that reads

<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/*"/>

to be

<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/core/*"/>

Multiple WAB Portlet on a Page

This is supported and I will explain what to consider:

Technically, the iFrame for the WAB portlets will be replaced with an absolute URL with an alias to the Portal which embodies the target site of the back-end site. The main reason for this is so that when a link on the iFrame is clicked, Portal can deduce the correct routing.

Making multiple WAB portlets on a page work, requires an augmented setup for the back-end sites. Once completed, the back-end sites which use this augmented setup can either be on a page alone or along with other WAB portlets.

Here is an example of getting Apache Lucene “core” and ESPN “nfl” on the same page.

The Lucene core site is “http://lucene.apache.org/core”. The ESPN NFL site is “http://espn.go.com/nfl”.

What must be done:

 1) A Resource Environment Provider “host alias mapping” must be done for each and every site that MAY appear on a page with another WAB portlet. The REP is “WP Virtual Web Application Manager Config”. The “Custom Property” called “host_alias_mapping” has to be augmented with a value of “espn=http://espn.go.com, lucene=http://lucene.apache.org”. Make sure the “name” (espn, lucene) is lower case.

2) Create the “Content Providers” in the Portal Admin “Virtual Web Application Manager” portlet as normal.

Here is the ESPN Content Provider:

Here is the Lucene Content Provider:

Notice in both cases I have used lower case for the content provider.

3) Create the WebDock portlets.

Here is the ESPN NFL WebDock:

Here is the Lucene Core WebDock:

4) Finally, create aliases in DNS for the sites. However, in my case I can't update the IBM DNS servers so I just updated my /etc/hosts file on my client. Notice this is for the CLIENTs and not the actual portal servers. This is because the iFrames that will reference the sites are from the client browser. Since the sites are “proxied” thru portal, these DNS addresses are to IP address that clients use to get to the Portal. This is likely the address of the load balancer sitting in front of the Portal IHS servers for the cluster. Here is my (redacted) /etc/hosts file:

9.37.243.131 lucene.portalserver1.rtp.raleigh.ibm.com

9.37.243.131 espn.portalserver1.rtp.raleigh.ibm.com

In this case, the IP address of “portalserver1.rtp.raleigh.ibm.com” is “9.37.243.131”. The DNS address is the WAS Resource Environment Provider name prepended to the server name.

5) Restart Portal to pick up the changes to the Resource Environment Provider.

6) You can now place the portlets on the appropriate Portal pages.

In today's blog I will discuss some additional Administration Tips and Tricks with IBM Digital Experience.

1. Speed up deployments

a) Seeing a constantly growing JCR database and deployments taking a long time in 8.0 or 8.5?

The reason could be the versioning and storage of page changes in WCM due to Managed Pages. With Managed Pages every page change is versioned into the JCR database. If deployments are performed frequently the amount of data can grow in the db and the storage of pages can take time.

There are multiple options to solve this:

- if managed pages are not required, the Managed Pages feature can be disabled. See the following for details: http://www-01.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/wcm/wcm_config_mngpages_disable.dita?cp=SSHRKX_8.5.0%2F0-4-5-4-1&lang=en

- if Managed Pages are required, versioning of pages can be disabled by setting the following configuration:

In WAS AdminConsole Resources->Resource Environment->Resource Environment Providers->WCM WCMConfigService->Custom properties
versioningStrategy.PortalPage=manual

Existing versions can be removed with the Version Cleaner. See the following for details: https://www.ibm.com/developerworks/community/blogs/portalops/entry/cleanup_of_wcm_versions?lang=en

b) Cluster Deployments

If in a cluster the deployment of portlets requires a distribution among the cluster nodes and the actual processing happening on the Deployment Manager. Ensure that the Deployment Manager has at least 2 GB of max heap and node agents having at least 500 MB of heap to speed up the deployment.

If a script is used to activate portlets in a cluster ensure to not activate the default portlets but just the ones that were really deployed.

2. Parallel Portlet Rendering in version 8.5

While Parallel Portlet Rendering has been deprecated in version 8.5 it is still supported and can be used. To enable a portlet to render in parallel the option cannot be set any more in the user interface of the manage portlets portlet but needs to be configured with XMLAccess. The parallel=true option needs to be added to the portlet. Sample below:

<preferences name="parallel" update="set">
<value><![CDATA[true]]></value>
</preferences>

3. Fragment caching of WCM portlets across anonymous and authenticated users

When using the same page that has some WCM portlets on it for authenticated and anonymous users and configuring fragment caching with the content shared across users this means that the authenticated and anonymous users will share the same cache entry. That can be an issue in case there are references to static resources in WCM as those would be addressed via the /wcm/myconnect authenticated URL that the anonymous user cannot access.

Options for solving this issue:

- having different pages for authenticated and anonymous users

- cloning the WCM portlet and having one portlet for authenticated users and one for anonymous users on the same page (using access control to let all authenticated see one and anonymous users the other)

- encoding URLs to the static resources via the /wcm/connect anonymous URL since it will work for all users

4. Avoid mixing cachable and non-cachable resources

For best performance the cachable part of the request should be kept separate from the non-cachable one. This holds true e.g. for page caching when the whole page should be cached at the browser but a small part - e.g. the user name is not cachable. Another sample is having a WCM portlet that loads content that is the same across users but also loads the ID of the user.

AJAX requests are a good way to solve the dilemma - so the parts of the resource that can be cached should be loaded and the non cachable part can be fetched and integrated via an AJAX call.

When designing a site think about which parts of the use case provide the same data across users and plan for caching of those.

5. Addressing WCM artifacts from the browser

When addressing a WCM item - either content or a component like a menu from the browser the following documentation explains how to build the URL:

http://www-01.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/wcm/wcm_config_delivery_servlet.dita?lang=en

Alternatively it is also possible to use the preview option in the Authoring UI - note that the cache parameters should be removed to use the default caching.

A new way was provided with 8.5 CF5 - the Content as a Service page concept allows you to address content with different mime types.

See the following for details: http://www-01.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/wcm/cntnt_serv_pgs.dita?lang=en

6. Cache Viewer portlet for WebSphere Portal 7.x and WebSphere Portal 6.1.x on WAS 7.x

While the Cache Viewer portlet for version 8.0 and 8.5 is available on the Portal Catalog the link below has the portlet for version 7 and version 6.1.x on WAS 7.x.:

https://www.ibm.com/developerworks/community/blogs/portalops/resource/CacheViewer_was7.zip

As always the following limitations apply:

DISCLAIMER OF WARRANTIES:                                                 
-------------------------                                                 
The portlet is provided "AS IS", without warranty of any kind. IBM shall   
not be liable for any damages arising out of your use of the sample portlet, even if they have been advised of the possibility of such damages. 

Thanks to Martin Presler-Marshall for making this portlet available.

Introduction

In the previous blog article on this topic, I showed the topology for creating a WCM preview server. In that article I also showed how to automatically move content from the "draft" stage to the "publish" stage so that the content could be viewed "in context" on the preview server. The automatic movement was done via a JMS listener attached to the subscription event.

However, there is now a better and "out of the box" way to achieve that automatic movement without writing a JMS listener. It involves the creation of a new workflow stage and disabling that stage in the proper places.

Details

This new method will rely on a new 4 stage workflow to achieve "in context" preview. The topology pictures in the previous article is still correct; there will be an authoring server, a preview server and the production rendering server. There might be other servers as well, but they are not relevant to the discussion here.

The standard content work flow will have at least 4 stages:

1. Draft

2. Preview - Publish (with a corresponding publish action called "previewPublish")

3. Production  - Publish (with a corresponding publish action called "productionPublish")

4. Expire

The trick is that on the authoring system the publish action for the second stage, "Preview - Publish", is disabled. I will describe below how that is done. That action is enabled on the preview sever. It doesn't actually matter how the production server is set (since it only gets live items); but if you are paranoid you can disable the "previewPublish" action on production as well.

All draft content is syndicated to the preview server (as opposed to only "live" items). Only "live" items are syndicated to the production rendering server. So, on the preview server, content will automatically execute the "publish" action from stage 2. Since the publish action for stage 2 is disabled on the authoring server, the content will not publish on the authoring server until it is moved to stage 3 (Production  - Publish). The content cannot, therefore, be syndicated to the production rendering servers until it reaches stage 3.

If issues or defects are found on the preview server with the new content, it can reverted back to the draft stage on authoring. If no issues are found, the new content can be moved along to the next stage (Production - Publish) and the reviewer wishes for content to be rendered in production.

Disabling the "previewPublish" Action

Disabling the previewPublish action is accomplished by going into the WAS Administrator console. That would be a Deployment Manager in a cluster or the WAS Admin console if standalone.

In the "WCM_WCMConfigService" Resource Environment Provider, create a new name "disableWorkflowAction" with a value of the action name; in this case "previewPublish". Restart the server. That action is now disabled. Moving an item to that stage is effectively a "no-op".

Limitations

Due to a soon to be released CF in V8.5, both V8.5.x and V8.0.x should both have a time offset in the workflow action on all of the relevant scheduled move actions. You should edit each workflow action in 8.0.x and set the offset to 1 minute after the specified date.  Consult this IC page for details. You need to create the work flow action with a "Date entered stage" plus an offset of 1 minute.

If you don't, you can get in a situation whereby the actions on the draft item are executed such that the content to be pushed immediately goes to the published stage. During the syndication process, this occurs within memory as a performance optimization on the subscriber. And when the item is finally ready to be committed to the database, it is already in a published state and will clash with the existing published item. This causes an unexpected deletion of the item due to an objectID clash.

Credits

Credit for this new method goes to Chet Tuttle for the idea and Kevin DeKorte for testing it with me.

If you want to search over a subset of content - e.g. content in a site area or site area hierarchy the WCM search component can be pretty helpful.

We will go over all the steps required to create a very simple WCM search component:

a) Ensure that a search service is currently configured. Create a new search collection and inside the collection create a new content source.
In the content source choose a URL like the following - pointing to your server and port and the site area you want to search:
http://someserver.com:10039/wps/seedlist/myserver?SeedlistId=Web%20Content/Articles&Source=com.ibm.workplace.wcm.plugins.seedlist.retriever.WCMRetrieverFactory&Action=GetDocuments
Note that spaces in the path to your content need to be denoted with %20

b) Test the new content source by triggering search manually and checking the results to see if the content was indexed. Setup a regular search interval so that new
content can be found.

c) Create a Search component in the WCM Authoring Portlet. Select the Search Collection that you just created as source for the search component.
For the presentation markup as a sample will show a simple table with the name of the content as link to the content and the publish date:
Header:
<div class="searchHeader">
   <div>Title</div><div>Publish Date</div>
</div>

Result Design:
<div class="resultsList">
  <div>[Placeholder tag="namelink"]</div>
  <div>[Property context="autofill" type="content" field="publishdate"]</div>
</div>

Footer:
<div class="searchFooter"></div>

Separator:
<div class="searchSeparator"></div>

No result design:
<div>No results</div>

d) Create a simple Authoring Template - it does not need fields. If you want the Authoring Template to be generic you could have a field for the search component to be used.

e) Create a simple Presentation Template for the Authoring Template just created. As markup we want to have the search form as well as the result list.
The form action has to point to the content and the result is displayed by the search component we created earlier.
A sample is below:
<div class="searchCompHeader">Search All News</div>

<form action='[PathCmpnt type="prefix"]/MyLibrary/Search/Simple Fast News Search'
 method="post">
 <table>
     <tr><div class="searchField">
         <input type="text" name="search_query"/>
     </td></tr>
     <tr><div class="subBtnContainer" align="center">
         <input class="subBtn" type="submit" value="Search"/>
     </td></tr>
 </table>
 </form>

<div>Results:</div>
[Component id="992efffb-3b8c-442f-bd98-9da396be5fb5:NC90aGUgaHViIGRlc2lnbi9uZXdzIHNlYXJjaA==" name="Design Library/news search" resultsPerPage="" startPage=""]

f) Create a piece of content using the authoring template and presentation template, add a WCM portlet to a page of your choice and point to the content just created.

g) Test your search - it could look like this:

Of course you will want to style the result for a nice display.

In my latest projects I came across some issues and tips and tricks I will cover in today's blog entry.

1. Excluding Access Control Checks when calling the PUMA API
By default every call to the PUMA API will be covered with an access control check. In case these calls are triggered very often, the performance can suffer.
In case you trust that the executing code can be executed by any user in the system you can enhance performance by wrapping the PUMA API call into a secure wrapper that will bypass the access control checks. To do that the com.ibm.portal.um.PumaEnvironment.runUnrestricted() method should be used.
See the following small example on how to trigger such a call. For simplicity the sample does not cover Exception handling, caching of JNDI calls, ...

Before:

    public List<User> findUsers() throws Exception
    {
         Context ctx = new InitialContext();
         String myjndiname = PumaHome.JNDI_NAME;
         PumaHome myPumaHome = (PumaHome) ctx.lookup(myjndiname);
         return myPumaHome.getLocator().findUsersByDefaultAttribute("somename");
    }

With com.ibm.portal.um.PumaEnvironment.runUnrestricted wrapper:

    public List<User> findUsersWithoutAccessControl() throws Exception
    {
        
         Context ctx = new InitialContext();
         String myjndiname = PumaHome.JNDI_NAME;
         final PumaHome myPumaHome = (PumaHome) ctx.lookup(myjndiname);
         return myPumaHome.getEnvironment().runUnrestricted(new PrivilegedExceptionAction ()
         {

             public Object run() throws Exception
             {
                 return myPumaHome.getLocator().findUsersByDefaultAttribute("somename");
             }

         });
    }

Update: I (Alex) have written a portlet which fully utilizes the PUMA runUnrestricted method. You can access the portlet here. You'll find the source code embedded in the WAR file as well.

2. Challenges with Portal Application Archives (aka PAA files)
Portal Application Archives are a powerful tool to combine multiple Portal and WCM artifacts into a single package.
Having issues building a Portal Application Archive? There are several samples in PortalServer/doc/paa-samples directory. Also most of the Catalog deliverables
like the Content Template Catalog are using PAA for shipment.
My suggestion is to try each artifact that will be packaged on its own, determining the order and only after the artifacts work, package them into the paa.
If you are updating a PAA file after you made some changes inside the PAA structure you need to also run the update-paa-components command.
In case legacy IBM portlets shall be packaged into the PAA note that those need to be packaged into the war directory and cannot be deployed as part of the portlets
directory. In my experience packaging portlets into the war directory has the advantage of giving you more control over the portlets to deploy them with a xmlacess script.
If you want to references a portlet that was packaged in the war directory in your paa you would use the following in XMLAccess:
<url>file://localhost/$user_install_root$/installableApps/myportlet.war</url>

3. Effect of missing Personalization Visibility rules
If your Portal pages reference not existing Personalizaton rules the effect is that the pages will not render at all. I recently came across this issue after
a staging to production deployment that moved the content via a JCR database copy - the existing pages were referencing rules that had gotten removed when the JCR database had been copied.

4. Compilation jar files
The Portal product installation contains the Portal APIs and SPIs in form of jar files that can be referenced when building custom applications. The jar files are located in the PortalServer\doc\compile directory. With Portal 8.5 you need CF4 or later to leverage the jar files.

5. LTPA token timeout messages
If you see a lot of LTPA timeout messages but have a scenario in which those are not a concern, the frequent log messages can make it harder to follow the log files.
The messages typically look like the following sample:
[9/23/14 13:43:04:163 EDT] 00000d52 LTPAServerObj W   CWSCJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Mon Sep 22 16:06:00 EDT 2014, current Date: Tue Sep 23 13:43:04 EDT 2014 Token attributes:  port=10033, username=user:defaultWIMFileBasedRealm/uid=wpsadmin,o=defaultWIMFileBasedRealm, hostname=ADMINIB-F0M58BD.. This warning might indicate expected behavior. Please refer to technote at http://www-01.ibm.com/support/docview.wss?uid=swg21594981.

It is possible to disable the warning logging of classes by disabling the info level logging for the class. E.g. the tracestring could look like the following:
*=info:com.ibm.ws.security.ltpa.LTPAServerObject=fatal

6. Debugging LDAP calls from VMM
If you want to debug the LDAP calls triggered by WebSphere Portal and WebSphere Application Server you can enable the following tracestring to trace the actual LDIF queries:
com.ibm.ws.wim.ldap.LdapConnection=all

7. Disabling WCM caching for a scripting portlet
The Scripting portlet uses WCM to store the actual script artifacts and displays it in form of a WCM rendering portlet.
If you have WCM Advanced or Basic Caching enabled updates will not become immediately visible until the cache times out. In case you need the WCM caching for other WCM portlets but want to see the Scripting portlet changes right away you can leverage the NoCache Preprocessor I published in the following blog post and just assign it to the scripting portlet instance(s):
https://www.ibm.com/developerworks/community/blogs/portalops/entry/disabling_wcm_advanced_caching_for_certain_wcm_rendering_portlets?lang=en

8. XMLAccess export via the User Interface
Want to export some Portal artifacts via XMLAccess but do not feel like using the command client? Do not have the xmlaccess jar files around to run the command client?
You can actually use the XMLAccess administration portlet for exports as well - simply import the export xml file that you want - e.g. ExportRelease.xml and the portlet will display a link with the result xml file. While the formatting might not be perfect it is a quick way to get an XMLAccess export.
 

The Eclipse project can be downloaded from here: https://www.ibm.com/developerworks/community/blogs/portalops/resource/custom_cache_preprocessor_eclipse_project.zip

In today's blog post I will answer some customer questions I received lately.

1. Is it possible to customize the portlet unavailable message?

Issues with a portlet that result in the unavailability of a portlet should be caught during testing. It can happen though that for some reason the issue occurs in production. In this case you might not want to replace the Portlet unavailability default message with a nicer error message pointing the user to a help hotline or to try again later. All of these resource bundles are stored in the wp.ui.jar file in the PortalServer\ui\wp.ui\shared\app directory.
For the English language, you use the problem_en.properties file. In that file, you see the following line:
portlet.not.available = This portlet is unavailable.
You can change that text to whatever you wish. Note that the text you enter will be the same for every portlet that is unavailable.
For other languages you would modify the according file in the jar.

2. How can the login page that Portal displays be changed to a custom page?

In case you are not logged in and you access the protected area of Portal, Portal will redirect you to the login page of the according virtual Portal. The same is true when the login link is selected. To switch the default page to a custom page you can change the unique name of the default login page and of your custom page. Portal generates the link to the login page to the page that has the unique name "wps.Login".

3. How can I configure the Web Application Bridge to pass cookies from the browser to the backend integrated via WAB?

When integrating a backend application via the Web Application Bridge you might want cookies or headers to be forwarded from the browser of the user to the backend application.
An example could be to achieve single sign on to a backend WebSphere Application Server you want to forward the LTPA2 cookie.
In version 8.0 and earlier the Web Application Bridge does not forward cookies in any direction by default. If you are using version 8.0 or earlier you need to access the WAB Admin Portlet and configure the cookie to be propagated with direction as inbound in the Forwards section. Below is a screenshot of how to configure the propagation of the LTPA 2 cookie:

4. How can I track the portlet usage on my site?
If you want to check which of your portlets are used and how often they are triggered there are different options to achieve this:
- Server side analytics: Easy to enable - writes to a log file. No additional software needed. Documented here:
http://www-10.lotus.com/ldd/portalwiki.nsf/xpDocViewer.xsp?lookupName=IBM+WebSphere+Portal+8+Product+Documentation#action=openDocument&res_title=Enabling_site_analysis_logging_wp8&content=pdcontent

- Monitoring software:
Software like ITCAM, ... consume data provided by PMI by WAS. One can use a free viewer like e.g. the WebSphere Application Server Performance Tuning Toolkit to look at the data as well.

- Custom log options like e.g. the theme/skin timer or logging code in the portlets that could write their own log.

- Active Site Analytics: Based on client interaction. Provides a rich set of data. Requires separate software that collects the data - e.g. IBM Web Analytics.

5. Is it possible for a portlet to set the page title of the rendered page in Portal?

Yes. See the sample here on what code to invoke:
http://www-10.lotus.com/ldd/portalwiki.nsf/xpDocViewer.xsp?lookupName=IBM%20WebSphere%20Portal%208%20Product%20Documentation&documentId=949B40436BB881B985257B250080F637&action=openDocument&rev=true&mode=original&content=pdcontent

6. Can I update the JVM arguments of multiple JVMs in a cluster without having to go through every JVM?

As part of the generic JVM arguments of every JVM we reference the WebSphere variable ${WPS_JVM_ARGUMENTS_EXT}. It is possible to add a custom variable and then by updating the variable all JVMs will get the setting without having to edit the settings for each and every JVM in the cluster.